From Newsgroup: alt.msdos.batch

Below is a working Windows custom proxy client I built over the past month.

If you use the same paths & freeware that I'm using, then I see no reason
it wouldn't work for you, out of the box, after you install these tools:

Psiphon freeware: (encrypted socks5 proxy server to bypass censorship)
<https://psiphon.ca/>
Name: psiphon3.exe
Size: 10402576 bytes (10158 KiB)
SHA256: DB1BAF76F0333F4743919A86F35037559F9E7DA7DF14982DFC16FB8DC0BE6BE2

Mongoose freeware: (single-binary lightweight local http/https server)
<https://mongoose.ws/binary/>
Name: mongoose.exe
Size: 110592 bytes (108 KiB)
SHA256: 7F0BE618842767D9C83D9607139334F454447FDF822A5404DC9AC7EDFCAB856B

Specifically only these external freeware executables are currently used:
psiphon3.exe (acts as the SOCKS5 proxy engine)
mongoose.vbs (serves the proxy.pac file via HTTP)

While these built-in Windows tools & commands are used in the script:
curl.exe (verifies the custom PAC file is available)
cscript.exe (runs the mongoose setup & launching VBScript)
net session ( checks if the script is running with admin rights)
powershell.exe -Verb RunAs (requests UAC elevation if needed)
netsh.exe (imports & syncs proxy settings from WinINet into WinHTTP)
reg.exe (writes registry values for AutoConfigURL and AutoDetect)

Tutorial:
Build a one-click Windows custom SOCKS5 proxy client using freeware

I've been building a privacy-focused proxy client for about a month which
has been a sudden deep dive into areas I hadn't touched in decades.

I hadn't seriously looked at proxies since around 2001, back when tools
like Proxifier were used to route traffic through TOR manually,
long before the Tor Browser bundled everything into a single click.

Back then, you'd launch TOR as a background service, configure Proxifier to redirect specific apps through a local SOCKS port and hope nothing leaked outside the tunnel.

Fast-forward to now and proxy configuration in Windows has become a multi-headed beast, with multiple API & networking stacks to deal with.

Modern Windows environments don't rely on a single unified proxy setting. Instead, they use multiple proxy stacks, each serving different types of applications and services. That means if you want consistent behavior
across browsers, system services, and modern apps, you can't just set a
proxy once and expect it to work everywhere.

Unfortunately, if you want it to be a single push-button (which is how I do everything, even clicking browser cookie-delete buttons automatically), you need scripts that interact with the registry, manipulate system settings,
and coordinate across stacks to make proxy setup a one-click operation.

On my Windows 10 Pro box, typical proxy settings live in places like:
a. Win+I > Settings > Network & Internet > Proxy
b. Win+R > control > Internet Options > Connections > LAN Settings
c. And Group Policy or registry edits for deeper control

Windows doesn't use a single unified proxy configuration. Instead, it has multiple proxy stacks, each used by different types of applications.
1. WinINet Stack
2. WinHTTP Stack
3. WPAD + PAC Files (used for auto-discovery and dynamic proxy logic)
4. Modern App Stack (Windows Runtime / UWP)
5. Custom Proxy Clients (scripts that can also bypass Windows stacks)

Examples of how these stacks are used:
a. WinINet is used by Internet Explorer and Chrome
b. WinHTTP is what Windows Update relies on
c. WPAD and PAC files are used by WinINet apps like Chrome & Firefox
d. UWP apps like Microsoft Store & Mail use the Modern App Stack
e. Tools like Proxifier, SocksCap, FreeCap, WideCap, ProxyCap,
SocksEscort, ShadowSocks, Psiphon, or in my case, a custom batch
script can act as freeware custom proxy clients on Windows 10.

For this tutorial, a custom proxy client can be any tool or script that:
A. Launches or manages a proxy service
B. Configures system or app-level proxy settings
C. Handles traffic & proxy logic independently of Windows' built-in stacks

Below is an example of my own script-driven proxy client which...
A. Bridges Psiphon with Windows proxy stacks,
B. Serves & applies PAC logic (with CoPilot, GMail & Amazon Vine bypass),
C. Syncs across WinINet & WinHTTP proxy stacks,
D. and handles Admin elevation (e.g., for regedits) & status logging.

These are a half dozen actions that the custom proxy client does...
1. Launches a freeware SOCKS5 proxy engine (Psiphon in SOCKS mode)
2. Serves a custom PAC file over HTTP/HTTPS before launching Psiphon
3. Applies proxy logic once Psiphon is running
4. Syncs proxy settings across stacks (WinINet > WinHTTP)
5. Handles elevation & logging if not already running as admin
6. Keeps the shell open so we can see what happened

Specifically, in my Windows 10 environment, the script below...
1. Starts psiphon3.exe in SOCKS mode which provides a local SOCKS5
proxy tunnel, which apps can use to route traffic through
Psiphon's encrypted network.
2. Runs mongoose.vbs to serve a proxy.pac file over HTTP at
http://127.0.0.1/proxy.pac. It waits a couple seconds,
then uses curl to verify the PAC file is actually available
before continuing.
3. Calls pac.cmd, which sets up the system to use the PAC file.
It also directly sets the PAC URL and enables Auto-Detect
in the registry under:
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
4. Runs "netsh winhttp import proxy source=ie" which copies the
static proxy settings from WinINet into WinHTTP
Note: It smartly avoids transferring SOCKS or PAC logic
to WinHTTP, since WinHTTP doesn't support those.
5. Relaunches itself with UAC elevation & logs activity to proxy.log,
including timestamps when PAC logic is triggered.
6. Pauses at the end so you can see what happened.

I'm sure there will be improvements, but here's the current status after
using it for about a month (ever since Epic Privacy Browser went bust).

::START: You type Win+R -> psiphon
:: |
:: v
::psiphon.bat
:: - Check if running as admin
:: - If not, request UAC elevation and restart
:: - Launch mongoose.vbs to serve proxy.pac (moved earlier in v1.8)
:: - Wait 2 seconds for Mongoose to initialize (added in v1.8)
:: - Echo "waiting for mongoose..." during delay (added in v1.9)
:: - Verify PAC file is accessible via curl (added in v1.8)
:: - Launch psiphon3.exe in SOCKS mode
:: - Wait 5 seconds for Psiphon to initialize
:: - Log that pac.cmd is being run
:: - Call pac.cmd /silent
:: |
:: v
:: pac.cmd
:: - Log run
:: - Run proxy.cmd /sync to align WinINET -> WinHTTP
:: - Capture current PAC URL and Auto-Detect status
:: - If missing or wrong, call proxy.cmd with PAC URL
:: - Force set PAC URL and Auto-Detect in registry
:: - Re-capture status so final display is accurate
:: - Show final PAC and Auto-Detect status
:: - Return to psiphon.bat
:: - Force set PAC URL and Auto-Detect again (double guarantee)
:: - Pause for user to see output
:: - Exit without closing parent shell
::END

Here's my main custom proxy client script, verbatim, using my own paths, so please realize this is a working script that I use every day to perform the actions above on my Windows 10 Pro Pc. Note that I will necessarily need to send the companion scripts separately since this is already a long post.

@echo off
REM C:\data\sys\batch\psiphon.bat version 1.0 20250819
REM This is psiphon.bat version 2.1 (118 lines)
REM Runs "C:\app\network\psiphon\psiphon3.exe" -mode=socks
REM This method leaves windows open.
REM %comspec% /k C:\app\network\psiphon\psiphon3.exe -mode=socks
REM This method closes windows.
REM psiphon.bat version 1.1 20250916
REM Added automatic PAC sync/apply after Psiphon launch
REM psiphon.bat version 1.2 20250916
REM Added logging to proxy.log when PAC is triggered from psiphon
REM psiphon.bat version 1.3 20250916
REM Added optional pause for viewing output before closing
REM psiphon.bat version 1.4 20250916
REM Changed to never close parent cmd window and always pause at end
REM psiphon.bat version 1.5 20250916
REM Added self-elevation to request UAC if not already admin
REM psiphon.bat version 1.6 20250916
REM Added final PAC URL + Auto-Detect set to ensure persistence
REM after Psiphon/proxy changes
REM psiphon.bat version 1.7 20250917
REM Added launch of mongoose.vbs to serve proxy.pac before PAC logic
REM psiphon.bat version 1.8 20250917
REM Reordered launch sequence: Mongoose now starts BEFORE Psiphon
REM Added PAC availability check using curl
REM Added 2-second wait after Mongoose launch to ensure readiness
REM psiphon.bat version 1.9 20250917
REM Error: PAC file not available. Aborting. Press any key to continue
REM Increased delay from 2 to 4 to give Mongoose more time to bind & serve
REM psiphon.bat version 2.0 20250917 (111 lines)
REM Decreased delay back to 2 as it didn't make a difference
REM Added echo message during Mongoose wait to indicate progress
REM psiphon.bat version 2.1 20250917 (118 lines)
REM Expanded Psiphonos reach to WinHTTP apps without compromising WinINET apps
REM By adding Automatic Sync of WinINET to WinHTTP (e.g., for Windows
Update)
REM Transfers only the Psiphon-injected static HTTP/HTTPS proxy address
REM Does not transfer PAC logic and SOCKS settings from WinInet to WinHTTP

:: --- Elevate to admin if not already ---

nul 2>&1 net session

if %errorlevel% neq 0 (
echo Requesting administrative privileges...
powershell -Command "Start-Process '%~f0' -Verb RunAs"
exit /b
)

REM Launch Mongoose silently to serve proxy.pac
cscript //nologo "C:\data\sys\batch\launchmongoose.vbs"

REM Wait for Mongoose to initialize (added in v1.8)
echo waiting for mongoose... (added in v2.0)
timeout /t 2 /nobreak >nul

REM Verify PAC file is available before proceeding (added in v1.8)
curl --silent --fail http://127.0.0.1/proxy.pac >nul || (
echo PAC file not available. Aborting.
pause
exit /b
)

REM Launch Psiphon in SOCKS mode
start "" /D "C:\app\network\psiphon" psiphon3.exe -mode=socks

REM Wait a few seconds for Psiphon to initialize
timeout /t 5 /nobreak >nul

REM Log that PAC is being run from psiphon
echo [%DATE% %TIME%] pac.cmd triggered from psiphon.bat >> C:\data\sys\log\proxy.log

REM Apply PAC logic automatically (silent mode)
call "C:\data\sys\batch\pac.cmd" /silent

REM Force PAC URL and Auto-Detect to desired values at the very end
REM This ensures Psiphon or proxy sync cannot leave them unset
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
/v AutoConfigURL /t REG_SZ /d http://127.0.0.1/proxy.pac /f >nul
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
/v AutoDetect /t REG_DWORD /d 1 /f >nul

REM Sync WinINET proxy settings into WinHTTP (added in v2.1)
netsh winhttp import proxy source=ie

REM Always pause so you can see output if run from a console
echo.
echo Press any key to close...
pause >nul

REM End batch without killing the shell
exit /b

Note that I will post working companion scripts following this overview.
--
Kindly donated to the Usenet community, as always, for others to benefit.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.msdos.batch

Marion wrote:

Tutorial:
Build a one-click Windows custom SOCKS5 proxy client using freeware
Note that I will post working companion scripts following this overview.

The companion blocks psiphon.bat uses are listed below:
1. proxy.cmd
registry sync helper that reads and writes WinINet & WinHTTP settings
2. pac.cmd
PAC file installer that calls proxy.cmd to enforce AutoConfigURL
and AutoDetect so that these three domains are bypassed
Amazon Vine (https://amazon.com/vine/about)
Google Gmail (https://mail.google.com)
Microsoft (https://copilot.microsoft.com)
These are bypassed since they hate proxies like they hate VPN.
3. launchmongoose.vbs
Launches a lightweight HTTP server that serves proxy.pac to localhost
4. psiphon.bat
The main proxy client which elevates to admin, starts mongoose,
launches Psiphon, applies PAC logic, syncs to WinHTTP & logs activity

Bearing in mind everything you do on WIndows more than once is to be made
into a single click, each of these commands runs standalone when needed.
Win+R > proxy
Win+R > pac
Win+R > mongoose
Win+R > psiphon
These single-point activators are made possible by the App Paths key:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\<name>.exe

For reference, here is the general flow so you can see where each is run.
::START: Win+R -> psiphon (uses App Paths registry key)
:: |
:: v
::psiphon.bat
:: - Check if running as admin
:: - If not, request UAC elevation and restart
:: - Launch launchmongoose.vbs to start Mongoose HTTP server
:: - Serve proxy.pac at http://127.0.0.1/proxy.pac
:: - Wait 2 seconds for Mongoose to initialize
:: - Verify PAC file is available using curl
:: - If PAC file is not available, abort
:: - Launch psiphon3.exe in SOCKS mode
:: - Wait 5 seconds for Psiphon to initialize
:: - Log that pac.cmd is being run
:: - Call pac.cmd /silent
:: |
:: v
:: pac.cmd
:: - Log run
:: - Run proxy.cmd /sync to align WinINET -> WinHTTP
:: - Capture current PAC URL and Auto-Detect status
:: - If missing or wrong, call proxy.cmd with PAC URL
:: - Force set PAC URL and Auto-Detect in registry
:: - Show final PAC and Auto-Detect status
:: - Return to psiphon.bat
:: - Force set PAC URL and Auto-Detect again (double guarantee)
:: - Pause for user to see output
:: - Exit without closing parent shell
::END

Here is my working Win_R > proxy (proxy.cmd) source file:
@echo off
REM C:\data\sys\batch\proxy.cmd 20250902
REM This is version 2.2
REM Proxy diagnostic & config tool for WinINET, WinHTTP, PAC
REM C:\data\sys\batch\proxy.cmd v2.1 - 20250916
REM Changes in v2.1 (20250916):
REM Added conditional check before importing WinINET into WinHTTP
REM to avoid overwriting existing settings unnecessarily
REM Added PAC file existence check before setting PAC URL
REM Updated pause prompts to clarify Enter, Spacebar, or any key works
REM C:\data\sys\batch\proxy.cmd v2.2 - 20250916 (224 lines)
REM Changed final exit to exit /b to avoid closing parent cmd window

REM Usage:
REM Win+R > proxy
REM Win+R > proxy /help
REM Win+R > proxy /sync
REM Win+R > proxy http://url.pac
REM Win+R > proxy /nopac
REM Win+R > proxy /status
REM Win+R > proxy /reset
REM Win+R > proxy /silent
REM Win+R > proxy /silent /sync

REM Proxy types:
REM Type 1: WinINET - IE, Edge, MS Office, most apps
REM Type 2: WinHTTP - system services like Windows Update
REM Type 3: PAC/AutoDetect - Chrome, Edge, Firefox (if set to use system proxy)

REM Show usage
if /i "%~1"=="/help" (
echo Usage:
echo proxy
echo proxy /sync
echo proxy http://...
echo proxy /nopac
echo proxy /status
echo proxy /reset
echo proxy /silent ...
exit /b
)

REM Log command
set LOG=C:\data\sys\log\proxy.log
echo [%DATE% %TIME%] %cmdcmdline% >> %LOG%

REM Begin scoped env
setlocal

set KEY="HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"

REM Detect /silent flag
if /i "%~1"=="/silent" (
set SILENT=1
shift
)

REM /reset flag
if /i "%~1"=="/reset" (
echo Reset proxy settings...
reg delete %KEY% /v ProxyEnable /f >nul 2>&1
reg delete %KEY% /v ProxyServer /f >nul 2>&1
reg delete %KEY% /v AutoConfigURL /f >nul
reg add %KEY% /v AutoDetect /t REG_DWORD /d 0 /f >nul
netsh winhttp reset proxy >nul 2>&1
echo Proxy settings cleared.
goto SHOWCONFIG
)

REM /status flag
if /i "%~1"=="/status" (
echo Show proxy config...
goto SHOWCONFIG
)

REM /sync flag
if /i "%~1"=="/sync" (
echo Sync WinINET into WinHTTP...
REM Check if WinHTTP proxy is already set before importing
for /f "tokens=1,* delims=:" %%A in ('netsh winhttp show proxy ^| findstr /R /C:"Proxy Server(s)"') do set curWinHTTP=%%B
set curWinHTTP=%curWinHTTP:~1%
if "%curWinHTTP%"=="" (
netsh winhttp import proxy source=ie
if errorlevel 1 (
echo ERROR: Access denied. Run as admin.
)
echo Done.
) else (
echo WinHTTP proxy already set, skipping import.
)
goto SHOWCONFIG
)

REM /nopac flag
if /i "%~1"=="/nopac" (
echo Disable PAC & Auto-Detect...
reg delete %KEY% /v AutoConfigURL /f >nul 2>&1
reg add %KEY% /v AutoDetect /t REG_DWORD /d 0 /f >nul
echo PAC & Auto-Detect disabled.
goto SHOWCONFIG
)

REM Set PAC URL
if not "%~1"=="" (
echo Set PAC URL: %~1
REM PAC file existence check if URL is local file or localhost
for /f "tokens=1 delims=:" %%P in ("%~1") do set PACPROTO=%%P
if /i "%PACPROTO%"=="http" (
REM If localhost PAC, check file existence
echo %~1 | findstr /I "127.0.0.1" >nul
if not errorlevel 1 (
for /f "tokens=2 delims=:" %%H in ("%~1") do set PACPORTPATH=%%H
REM Remove leading slashes
set PACPORTPATH=%PACPORTPATH:/=%
REM Adjust path if needed (user must ensure correct mapping)
if not exist "C:\data\sys\pac\proxy.pac" (
echo WARNING: PAC file not found at C:\data\sys\pac\proxy.pac
)
)
)
reg add %KEY% /v AutoConfigURL /t REG_SZ /d %~1 /f >nul
reg add %KEY% /v AutoDetect /t REG_DWORD /d 1 /f >nul
)

REM Diagnostic output
:SHOWCONFIG
echo ============================================
echo WINDOWS PROXY CONFIG CHECK
REM Avoid slash to prevent parsing bug
echo ============================================

REM WinINET status
echo.
echo [1] WinINET
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyEnable 2^>nul') do set ProxyEnable=%%B
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyServer 2^>nul') do set ProxyServer=%%B
if "%ProxyEnable%"=="0x1" (
echo Proxy ENABLED
echo Server: %ProxyServer%
) else (
echo Proxy DISABLED
)

REM WinHTTP status
echo.
echo [2] WinHTTP
for /f "tokens=1,* delims=:" %%A in ('netsh winhttp show proxy ^| findstr /R /C:"Proxy Server(s)"') do set curWinHTTP=%%B
set curWinHTTP=%curWinHTTP:~1%
if "%curWinHTTP%"=="" (
echo No WinHTTP proxy - import from WinINET...
netsh winhttp import proxy source=ie >nul 2>&1
) else (
echo WinHTTP proxy already set
)
netsh winhttp show proxy

REM PAC status
echo.
echo [3] PAC / AutoDetect
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoConfigURL 2^>nul') do set PACurl=%%B
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoDetect 2^>nul') do set AutoDetect=%%B
if defined PACurl (
echo PAC URL: %PACurl%
) else (
echo No PAC URL
)

REM PAC logic summary
if /i "%PACurl%"=="http://127.0.0.1/proxy.pac" (
echo PAC logic: Bypass Gmail, Amazon, Copilot
echo Other traffic via SOCKS proxy 127.0.0.1:1080
)

if "%AutoDetect%"=="0x1" (
echo Auto-Detect ENABLED
) else (
echo Auto-Detect DISABLED
)

echo.
echo ============================================
echo Proxy check complete
echo ============================================

endlocal

REM Final pause unless /silent
if not defined SILENT (
echo.
echo Press Enter, Spacebar, or any key to close...
pause >nul
)

exit /b
--
Some people are kind hearted enough to ensure others always benefit.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.msdos.batch

Marion wrote:

Tutorial:
Build a one-click Windows custom SOCKS5 proxy client using freeware
Note that I will post working companion scripts following this overview.

While companion blocks are listed below, some are optional.
1. proxy.cmd (posted)
registry sync helper that reads and writes WinINet & WinHTTP settings
2. pac.cmd (to be posted)
PAC file installer that calls proxy.cmd to enforce AutoConfigURL
and AutoDetect so that these three domains are bypassed
Amazon Vine (https://amazon.com/vine/about)
Google Gmail (https://mail.google.com)
Microsoft (https://copilot.microsoft.com)
These are bypassed since they hate proxies like they hate VPN.
3. launchmongoose.vbs (posted below)
Launches a lightweight HTTP server that serves proxy.pac to localhost
4. psiphon.bat (posted in the original post opening up this thread)
The main proxy client which elevates to admin, starts mongoose,
launches Psiphon, applies PAC logic, syncs to WinHTTP & logs activity

In keeping with the idea that anything you do more than once on Windows
should be tied to a single click, launchmongoose.vbs is an optional helper that silently starts the Mongoose web server in the correct working
directory so it can host proxy.pac at http://127.0.0.1. It only launches if mongoose.exe is not already running and logs the result to mongoose.log.

Keep in mind that this custom proxy client works fine without Mongoose
because Psiphon in SOCKS5 mode does not require a PAC file to be served
over HTTP (that is, the PAC URL in the registry can point to a local file
path or direct proxy settings as it doesn't need to be served over HTTP).

The benefit of adding the lightweight Mongoose web server was that mongoose
is an easy way to serve the PAC file over HTTP before Psiphon starts.

This allows:
a. The PAC URL in WinINet and WinHTTP to point to a live file
at http://127.0.0.1/proxy.pac
b. Any app or service that supports PAC files to fetch proxy
rules immediately without using an external server
c. Custom bypass logic such as skipping Amazon Vine, Gmail
and Microsoft Copilot to be applied system wide
d. The PAC file to remain available even if Psiphon changes
network routes because the PAC file is hosted locally

In short, the launching of Mongoose turns my custom proxy client setup from just a SOCKS5 tunnel into a more-self-contained proxy service with dynamic routing rules, making PAC logic work reliably across all stacks & apps.

With that backround in mind, here's the OPTIONAL mongoose-launch script.
' ============================================
' launchmongoose.vbs 20250916 version 1.0
' This is version 1.5
' ============================================
' Version History:
' 1.0 - 20250916 Initial silent launch
' 1.1 - 20250916 Added process check and logging
' 1.2 - 20250916 Fixed duplicate End If error
' 1.3 - 20250916 Added version header block, cleaned structure
' 1.4 - 20250916 Removed unconditional launch
' Now launches only if not running
' 1.5 - 20250916 Updated launch command to explicitly set working directory
' ============================================
' Serves C:\data\sys\batch\proxy.pac as http & https
' Launch using: cscript //nologo launchmongoose.vbs
' Test using: curl http://127.0.0.1/proxy.pac
' Testing using: type mongoose.log
' Or just use: tasklist /fi "imagename eq mongoose.exe"
' Kill using: taskkill /f /im mongoose.exe
' Test this script: cscript //nologo "C:\data\sys\batch\launchmongoose.vbs"
' ==============================
' Added in version 1.1
' ==============================
' Features:
' - Skips launch if mongoose.exe is already running
' - Logs launch attempts to mongoose.log
' ==============================
' Fixed in version 1.2
' ==============================
' got rid of errors
' ==============================
' Improved in version 1.4
' ==============================
' Removed unconditional launch from version 1.0
' ==============================
' Improved in version 1.5
' ==============================
' Due to error: PAC file not available.
' Added explicit path to Mongoose launch
' WshShell.Run """C:\data\sys\batch\mongoose.exe"" -l http://127.0.0.1:80 -d C:\data\sys\batch", 0, False
' This ensures proxy.pac is served correctly regardless of current working directory
' ==============================

Set WshShell = CreateObject("WScript.Shell")

Set execCheck = WshShell.Exec("cmd /c tasklist /fi ""imagename eq mongoose.exe"" | find /i ""mongoose.exe""")
If execCheck.StdOut.ReadAll = "" Then
' Mongoose is not running, launch silently
WshShell.Run """C:\data\sys\batch\mongoose.exe"" -l http://127.0.0.1:80 -d C:\data\sys\batch", 0, False

' Log the launch
WshShell.Run """cmd.exe"" /c echo [" & Date & " " & Time & "] Mongoose launched >> C:\data\sys\batch\mongoose.log", 0, False
Else
' Mongoose is already running, skip launch
WshShell.Run """cmd.exe"" /c echo [" & Date & " " & Time & "] Mongoose already running >> C:\data\sys\batch\mongoose.log", 0, False
End If

Note I tested caddy, miniweb, mongoose & python before settling on mongoose.
--
Note that Amazon Vine gives me tens of thousands of dollars worth of "free stuff" every year so I needed to keep them happy since they hated proxies.
<https://amazon.com/vine/about>
And GMail was barfing as were all the AI's, but Copilot is a M$ tool,
so it's added here (you'll likely want to add all the AI URls to it).
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.msdos.batch

Marion wrote:

Tutorial:
Build a one-click Windows custom SOCKS5 proxy client using freeware
Note that I will post working companion scripts following this overview.

While companion blocks are listed below, some are optional.
1. proxy.cmd (previously posted)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\proxy.exe
registry sync helper that reads and writes WinINet & WinHTTP settings

2. pac.cmd (posted below)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\pac.exe
PAC file installer that calls proxy.cmd to enforce AutoConfigURL
and AutoDetect so that these three domains are bypassed
Amazon Vine (https://amazon.com/vine/about)
Google Gmail (https://mail.google.com)
Microsoft (https://copilot.microsoft.com)
These are bypassed since they hate proxies like they hate VPN.

3. launchmongoose.vbs (previously posted)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mongoose.exe
Launches a lightweight HTTP server that serves proxy.pac to localhost

4. psiphon.bat (previously posted in the original post of this thread)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\psiphon.exe
The main proxy client which elevates to admin, starts mongoose,
launches Psiphon, applies PAC logic, syncs to WinHTTP & logs activity

In contrast with the previous post where mongoose was added just yesterday
as an OPTIONAL helper to serve PAC files over HTTP, probably the one script that I've spent the most time on in this month-long effort is this pac.cmd, which is a helper script that makes sure the system is using the correct
PAC file, PAC URL and Auto-Detect settings after Psiphon starts.

This pac.cmd script (which can be run from "Win+R > pac" if needed, is
called by the main psiphon.bat custom proxy client in order to sync WinINet proxy settings into WinHTTP. What it does is it checks the current PAC configuration and applies changes if needed. It can also intelligently
force the PAC URL and Auto-Detect registry keys so they stay set even if Windows fails to fetch the PAC file. That took a while to get timing right.

It then logs its actions even as it can run silently and it shows the final PAC status so we know when proxy logic is active across both stacks.

@echo off
REM C:\data\sys\batch\pac.cmd (This is version 3.0)
REM Single command: Win+R > pac
REM HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\pac.exe
REM C:\data\sys\batch\pac.cmd v1p6_20250902
REM Sync WinHTTP proxy & apply PAC logic
REM Used after Psiphon starts to align proxy layers
REM C:\data\sys\batch\pac.cmd v1p7_20250916
REM Changes in v1.7 (20250916):
REM After applying PAC, capture proxy.cmd /status to a temp file
REM Parse PAC URL & Auto-Detect status from proxy.cmd output
REM Display parsed results instead of static PAC summary
REM C:\data\sys\batch\pac.cmd v1p8_20250916
REM Added PACURL variable at top for easy change
REM Improved /silent handling to work in any argument position
REM C:\data\sys\batch\pac.cmd v1p9_20250916
REM Fixed capture logic so temp file is created before parsing
REM C:\data\sys\batch\pac.cmd v2.0_20250916
REM Skips PAC apply step if PAC URL and Auto-Detect are already correct
REM C:\data\sys\batch\pac.cmd v2.1_20250916
REM Added note this may be called automatically from psiphon.bat v1.2
REM Added detection/logging if called from psiphon.bat
REM C:\data\sys\batch\pac.cmd v2.2_20250916
REM Added forced PAC set suggestion
REM C:\data\sys\batch\pac.cmd v2.3_20250916
REM Now always forces PAC URL + Auto-Detect to ensure persistence
REM C:\data\sys\batch\pac.cmd v2.4_20250916
REM Added re-capture of status after forcing PAC for accurate display
REM C:\data\sys\batch\pac.cmd v2.5_20250916
REM Verified re-capture placement after reg add to fix stale display bug
REM C:\data\sys\batch\pac.cmd v2.9_20250916
REM Hard-coded TEMPSTATUS to C:\tmp\pac_status.txt
REM Removed deletion of TEMPSTATUS at end
REM Section-aware parsing of PAC/AutoDetect block with /B matching
REM C:\data\sys\batch\pac.cmd v3.0_20250917 (242 lines)
REM Moved PAC registry enforcement into apply block
REM so proxy.cmd reflects correct status immediately
REM Added fallback enforcement even when PAC is already correct
:: Normally the pac file is served by a web server.
:: This script does not rely on Windows successfully fetching the PAC file
:: via HTTP. Instead, it Sets the registry key to point to the PAC URL
:: It assumes the PAC logic is known & trusted.
:: It uses proxy.cmd to apply proxy settings directly,
:: bypassing the need for Windows to interpret the PAC file
:: So even if http://127.0.0.1/proxy.pac is not actually being served
:: by a web server, the system still behaves as if it is because the
:: tooling here enforces the logic manually.
:: This is where Windows typically looks for the PAC script URL.
:: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
:: AutoConfigURL = http://127.0.0.1/proxy.pac
:: That tells Windows to fetch the PAC file from your own machine via HTTP
:: http://127.0.0.1/proxy.pac
:: C:\data\sys\batch\proxy.pac
:: curl http://127.0.0.1/proxy.pac
::
:: You could point to the actual pac file but that is less universal
:: AutoConfigURL = file:///C:/data/sys/batch/proxy.pac
::
:: C:\app\network\psiphon\psiphon3.exe -mode=socks
:: Win+R > control > Internet Options > Connections > LAN Settings
:: Automatic configuration
:: [x]Automatically detect settings
:: [x]Use automatic configuration script
:: Address http://127.0.0.1/proxy.pac
:: Proxy server
:: [x]Use a proxy server for your LAN
:: [x]Bypass proxy server for local addresses
::
:: Win+I > Settings > Network & Internet > Proxy > Manual proxy setup = on
:: Automatic proxy setup
:: Automatically detect settings = on
:: Use setup script = on
:: Script address = http://127.0.0.1/proxy.pac
:: Manual proxy setup
:: Use a proxy server = on
:: Address http=127.0.0.1:3736;https=127.0.0.1:3736;socks=127.0.0.1:1080
:: Port = <blank>
:: Use the proxy server except for addresses that start with the following entries. Use semicolons (;) to separate entries.
:: 10.*;172.16.*;172.17.*;172.18.*;172.19.*;172.20.*;172.21.*;172.22.*;172.23.*;172.24.*;172.25.*;172.26.*;172.27.*;172.28.*;172.29.*;172.30.*;172.31.*;192.168.*;169.254.*;[fc*];[fd*];[fe8*];[fe9*];[fea*];[feb*]
:: [x]Do not use the proxy server for local intranet addresses
::
:: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
:: AutoConfigURL = http://127.0.0.1/proxy.pac
::
:: C:\data\sys\batch\proxy.pac
::

REM PAC URL variable
set "PACURL=http://127.0.0.1/proxy.pac"

REM Detect /silent flag anywhere in args
set SILENT=
for %%A in (%*) do (
if /i "%%A"=="/silent" set SILENT=1
)

REM Detect if called from psiphon.bat
echo %CMDCMDLINE% | find /I "psiphon.bat" >nul
if not errorlevel 1 (
echo [%DATE% %TIME%] pac.cmd detected it was called from psiphon.bat >> C:\data\sys\log\proxy.log
)

REM Log start
echo [%DATE% %TIME%] Run pac.cmd %* >> C:\data\sys\log\proxy.log

REM /status flag
for %%A in (%*) do (
if /i "%%A"=="/status" (
start "" "C:\data\sys\batch\proxy.cmd" /silent /status
exit /b
)
)

REM /nopac flag
for %%A in (%*) do (
if /i "%%A"=="/nopac" (
echo Disable PAC & Auto-Detect...
start "" "C:\data\sys\batch\proxy.cmd" /silent /nopac
exit /b
)
)

REM Sync WinINET into WinHTTP
echo Run proxy sync...
powershell -Command "Start-Process -FilePath 'cmd.exe' -ArgumentList '/c \"C:\data\sys\batch\proxy.cmd\" /sync' -NoNewWindow -Wait"

REM Hard-coded temp file path
set "TEMPSTATUS=C:\tmp\pac_status.txt"

REM Capture current PAC status
call "C:\data\sys\batch\proxy.cmd" /silent /status > "%TEMPSTATUS%"

REM Parse PAC URL and Auto-Detect from [3] PAC / AutoDetect section only
set "PACURL_FOUND="
set "AUTODETECT="
set "IN_PAC_SECTION="

for /f "usebackq delims=" %%L in ("%TEMPSTATUS%") do (
if defined IN_PAC_SECTION (
if not defined PACURL_FOUND echo %%L | findstr /B /I "PAC URL:" >nul && set "PACURL_FOUND=%%L"
if not defined AUTODETECT echo %%L | findstr /B /I "Auto-Detect" >nul && set "AUTODETECT=%%L"
if "%%L"=="" set "IN_PAC_SECTION="
)
if "%%L"=="[3] PAC / AutoDetect" set "IN_PAC_SECTION=1"
)

set "PACURL_FOUND=%PACURL_FOUND:PAC URL: =%"
set "AUTODETECT=%AUTODETECT:Auto-Detect =%"

REM Decide whether to apply PAC
set APPLY_PAC=0
if /i not "%PACURL_FOUND%"=="%PACURL%" set APPLY_PAC=1
if /i not "%AUTODETECT%"=="ENABLED" set APPLY_PAC=1

if "%APPLY_PAC%"=="1" (
echo Apply PAC logic...
powershell -Command "Start-Process -FilePath 'cmd.exe' -ArgumentList '/c \"C:\data\sys\batch\proxy.cmd\" %PACURL%' -NoNewWindow -Wait"

REM v2.10: Force PAC registry keys immediately after apply
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoConfigURL /t REG_SZ /d %PACURL% /f >nul
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoDetect /t REG_DWORD /d 1 /f >nul

REM Re-capture status after applying PAC
call "C:\data\sys\batch\proxy.cmd" /silent /status > "%TEMPSTATUS%"
) else (
echo PAC settings already correct - skipping apply step.

REM v2.10: Still enforce PAC registry keys to guarantee consistency
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoConfigURL /t REG_SZ /d %PACURL% /f >nul
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoDetect /t REG_DWORD /d 1 /f >nul
)

REM Re-capture status AFTER forcing PAC so display is accurate
echo Re-capturing final status...
call "C:\data\sys\batch\proxy.cmd" /silent /status > "%TEMPSTATUS%"
REM Parse PAC URL and Auto-Detect again from [3] PAC / AutoDetect section
set "PACURL_FOUND="
set "AUTODETECT="
set "IN_PAC_SECTION="

for /f "usebackq delims=" %%L in ("%TEMPSTATUS%") do (
if defined IN_PAC_SECTION (
if not defined PACURL_FOUND echo %%L | findstr /B /I "PAC URL:" >nul && set "PACURL_FOUND=%%L"
if not defined AUTODETECT echo %%L | findstr /B /I "Auto-Detect" >nul && set "AUTODETECT=%%L"
if "%%L"=="" set "IN_PAC_SECTION="
)
if "%%L"=="[3] PAC / AutoDetect" set "IN_PAC_SECTION=1"
)

set "PACURL_FOUND=%PACURL_FOUND:PAC URL: =%"
set "AUTODETECT=%AUTODETECT:Auto-Detect =%"

if defined PACURL_FOUND (
echo PAC URL: %PACURL_FOUND%
) else (
echo PAC URL: Not set
)

if /i "%AUTODETECT%"=="ENABLED" (
echo Auto-Detect ENABLED
) else (
echo Auto-Detect DISABLED
)

REM Final pause unless /silent
if not defined SILENT (
echo.
echo Press Enter, Spacebar, or any key to close...
pause >nul
)

exit /b

::START: You type Win+R -> psiphon
:: |
:: v
::psiphon.bat
:: - Check if running as admin
:: - If not, request UAC elevation and restart
:: - Launch mongoose.vbs to serve proxy.pac (moved earlier in v1.8)
:: - Wait 2 seconds for Mongoose to initialize (added in v1.8)
:: - Echo "waiting for mongoose..." during delay (added in v1.9)
:: - Verify PAC file is accessible via curl (added in v1.8)
:: - Launch psiphon3.exe in SOCKS mode
:: - Wait 5 seconds for Psiphon to initialize
:: - Log that pac.cmd is being run
:: - Call pac.cmd /silent
:: |
:: v
:: pac.cmd
:: - Log run
:: - Run proxy.cmd /sync to align WinINET -> WinHTTP
:: - Capture current PAC URL and Auto-Detect status
:: - If missing or wrong, call proxy.cmd with PAC URL
:: - Force set PAC URL and Auto-Detect in registry
:: - Re-capture status so final display is accurate
:: - Show final PAC and Auto-Detect status
:: - Return to psiphon.bat
:: - Force set PAC URL and Auto-Detect again (double guarantee)
:: - Pause for user to see output
:: - Exit without closing parent shell
::END
--
Note that this custom one-click socks5 proxy client is modular,
where each component can be individually run & tested in one step.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.msdos.batch

Marion wrote:

Tutorial:
Build a one-click Windows custom SOCKS5 proxy client using freeware

Included below is an OPTIONAL proxy-checking script that I wrote early on which outputs what is happening when Psiphon.bat is setting & unsetting
things, along with Psiphon itself syncing stuff when starts & stops.
C:\data\sys\batch\checkproxy.bat
Win+R > checkproxy

Bear in mind, about half the stuff that is checked below is set/unset
by Psiphon while the other half (roughly) is set/unset in my scripts.

That is, if you start Psiphon.exe without the scripts, only about half of
what actually happens will happen (although I changed the TARGET on the original Psiphon link to run the psiphon.bat script so it does it all).
Change Psiphon.lnk TARGET FROM C:\app\network\psiphon\psiphon3.exe
Change Psiphon.lnk TARGET TO C:\data\sys\batch\psiphon.bat

When the custom psiphon.bat script modifies system proxy configurations to route traffic through Psiphon's secure tunnel, here's what it changes:

1. WinINET (used by Internet Explorer and some legacy apps):
Psiphon does not enable a manual proxy here by default.
Proxy remains DISABLED unless manually set.

2. WinHTTP (used by system services and background tasks):
Initially set to "Direct access" (no proxy).
Psiphon syncs WinINET settings into WinHTTP.
Eventually sets WinHTTP proxy to:
http=127.0.0.1:63750
https=127.0.0.1:63750
socks=127.0.0.1:1080
Adds a bypass list for local and private IP ranges.

3. PAC (Proxy Auto-Config) and AutoDetect:
Before Psiphon: no PAC URL, Auto-Detect is DISABLED.
After Psiphon:
Sets PAC URL to http://127.0.0.1/proxy.pac
Enables Auto-Detect
PAC logic routes Gmail, Amazon Vine & Copilot directly
& sends other traffic through SOCKS proxy at 127.0.0.1:1080

In summary, the custom proxy client...
a. Sets a PAC script URL in the registry.
a. Enables Auto-Detect to apply PAC logic.
a. Syncs proxy settings from WinINET to WinHTTP.
a. Configures WinHTTP to use Psiphon's local proxy ports.
a. Leaves WinINET proxy disabled unless manually overridden.

This setup ensures that most apps and services follow the PAC logic and
route traffic through Psiphon's encrypted tunnel, while exempting trusted domains and local addresses.

Note that every file can be run via a doubleclick in the file explorer, or
it can be run in a Runbox via a custom 'App Paths' registry key, but in general, everything is connected together by the main psiphon.bat script.
Win+R > psiphon

When you run the Psiphon SOCKS5 GUI, it automatically changes certain
Windows proxy settings while it is active, and then reverts them when
you close it.

1. The PAC script URL in the WinINET (Internet Settings) registry key:
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
This is set to something like http://127.0.0.1/proxy.pac
when Psiphon is running, and cleared when it stops.

2. The Auto-Detect setting in the same key:
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoDetect
This is enabled when Psiphon is running with PAC logic,
and disabled when it stops.

3. The WinHTTP proxy configuration:
'netsh winhttp show proxy' will show Psiphon's local HTTP,
HTTPS & SOCKS ports while it is active & Direct access
(no proxy server) after it closes.

4. Optionally, Mongoose serves proxy.pac & listens on the localhost.
Mongoose is not responsible for setting registry keys or
configuring proxy settings itself, Instead, its role is limited to
Serving the PAC file (proxy.pac) over HTTP at http://127.0.0.1/proxy.pac
Listening on localhost to respond to Windows requests for the PAC script
Enabling dynamic retrieval of PAC logic when AutoConfigURL is set

In short, Psiphon's GUI automatically adjusts key Windows proxy settings
while active, then reverts them when closed. Specifically:
a. It sets the PAC script URL in the registry to http://127.0.0.1/proxy.pac.
b. It enables the Auto-Detect flag so Windows applies PAC logic.
c. It configures WinHTTP to use Psiphon's local proxy ports (HTTP, HTTPS & SOCKS).
d. It clears those settings when Psiphon exits, restoring direct access.

Together, Psiphon & my custom scripts create a unified proxy environment. Traffic is routed securely through Psiphon's tunnel where finicky domains (such as Amazon Vine, Google GMail & Microsoft AI clients) are bypassed,
and local addresses are excluded.

When the tunnel closes, everything reverts cleanly to default behavior.
Here is an OPTIONAL custom script which simply reports what's happened.

@echo off
REM C:\data\sys\batch\checkproxy.bat 20250916
REM This is version 1.2
REM Custom unified Windows proxy diagnostic tool
REM v1.0 lists WinINET manual proxy, WinHTTP proxy, PAC/AutoDetect
REM v1.1 replaces echo. with echo( to avoid command misinterpretation
REM v1.2 adds PAC file existence check and SHA256 hash logging (114 lines)

setlocal

set KEY="HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
set PACFILE=C:\data\sys\batch\proxy.pac

echo ==============================================
echo WINDOWS PROXY CONFIGURATION CHECK
echo ==============================================

REM --- PAC file existence check ---
if not exist "%PACFILE%" (
echo WARNING: PAC file not found at %PACFILE%
) else (
echo PAC file found at %PACFILE%
echo PAC file SHA256 hash:
certutil -hashfile "%PACFILE%" SHA256
)

REM --- WinINET (manual proxy) ---
echo(
echo [1] WinINET / Internet Settings
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyEnable 2^>nul') do set ProxyEnable=%%B
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyServer 2^>nul') do set ProxyServer=%%B
if "%ProxyEnable%"=="0x1" (
echo Proxy is ENABLED
echo Proxy server: %ProxyServer%
) else (
echo Proxy is DISABLED
)

REM --- WinHTTP proxy ---
echo(
echo [2] WinHTTP proxy (system/background services)
netsh winhttp show proxy

REM --- PAC (Proxy Auto-Config) & AutoDetect ---
echo(
echo [3] PAC / AutoDetect
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoConfigURL 2^>nul') do set PACurl=%%B
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoDetect 2^>nul') do set AutoDetect=%%B

if defined PACurl (
echo PAC script set: %PACurl%
) else (
echo No PAC script URL found.
)

if "%AutoDetect%"=="0x1" (
echo Auto-detect is ENABLED
) else (
echo Auto-detect is DISABLED
)

echo(
echo ==============================================
echo Check complete.
echo ==============================================

endlocal
pause
--
Efficiency is turning 4 clicks into 3 & 3 clicks into 2 & 2 clicks into 1.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.msdos.batch

Marion wrote:

Included below is an OPTIONAL proxy-checking script that I wrote early on which outputs what is happening when Psiphon.bat is setting & unsetting things, along with Psiphon itself syncing stuff when starts & stops.
C:\data\sys\batch\checkproxy.bat
Win+R > checkproxy

Here is a sample output from the OPTIONAL checkproxy status reporter.
Win+R > checkproxy
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\checkproxy.exe
@=C:\data\sys\batch\checkproxy.bat

BEFORE:
==============================================
WINDOWS PROXY CONFIGURATION CHECK
==============================================
PAC file found at C:\data\sys\batch\proxy.pac
PAC file SHA256 hash:
SHA256 hash of C:\data\sys\batch\proxy.pac:
2517c249250634f579524fae59194aee32a4498a5c6bbf3cf4ef40b3d493bb46
CertUtil: -hashfile command completed successfully.

[1] WinINET / Internet Settings
Proxy is DISABLED

[2] WinHTTP proxy (system/background services)

Current WinHTTP proxy settings:

Direct access (no proxy server).


[3] PAC / AutoDetect
No PAC script URL found.
Auto-detect is DISABLED

==============================================
Check complete.
==============================================
Press any key to continue . . .

AFTER:
waiting for mongoose... (added in v2.0)
Run proxy sync...
Sync WinINET into WinHTTP...

Current WinHTTP proxy settings:

Direct access (no proxy server).

Done.
============================================
WINDOWS PROXY CONFIG CHECK
============================================

[1] WinINET
Proxy DISABLED

[2] WinHTTP
WinHTTP proxy already set

Current WinHTTP proxy settings:

Direct access (no proxy server).


[3] PAC / AutoDetect
PAC URL: http://127.0.0.1/proxy.pac
PAC logic: Bypass Gmail, Amazon Vine, Copilot
Other traffic via SOCKS proxy 127.0.0.1:1080
Auto-Detect DISABLED

============================================
Proxy check complete
============================================
Apply PAC logic...
Set PAC URL: http://127.0.0.1/proxy.pac
============================================
WINDOWS PROXY CONFIG CHECK
============================================

[1] WinINET
Proxy DISABLED

[2] WinHTTP
WinHTTP proxy already set

Current WinHTTP proxy settings:

Direct access (no proxy server).


[3] PAC / AutoDetect
PAC URL: http://127.0.0.1/proxy.pac
PAC logic: Bypass Gmail, Amazon Vine, Copilot
Other traffic via SOCKS proxy 127.0.0.1:1080
Auto-Detect ENABLED

============================================
Proxy check complete
============================================
Re-capturing final status...
PAC URL: http://127.0.0.1/proxy.pac
Auto-Detect ENABLED

Current WinHTTP proxy settings:

Proxy Server(s) : http=127.0.0.1:63750;https=127.0.0.1:63750;socks=127.0.0.1:1080
Bypass List : <local>;10.*;172.16.*;172.17.*;172.18.*;172.19.*;172.20.*;172.21.*;172.22.*;172.23.*;172.24.*;172.25.*;172.26.*;172.27.*;172.28.*;172.29.*;172.30.*;172.31.*;192.168.*;169.254.*;[fc*];[fd*];[fe8*];[fe9*];[fea*];[feb*]
--
The Psiphon proxy is much faster than system-wide VPN typically is.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.msdos.batch

Marion wrote:

==============================================
WINDOWS PROXY CONFIGURATION CHECK
==============================================
PAC file found at C:\data\sys\batch\proxy.pac
SHA256 hash of C:\data\sys\batch\proxy.pac:

Ooops. I belatedly realized I had not posted the PAC file in the OP.
From: Marion <marionf@fact.com>
Newsgroups: alt.comp.os.windows-10,alt.comp.os.windows-11,alt.msdos.batch
Subject: Tutorial: Build a one-click Windows custom SOCKS5 proxy
client using freeware
Date: Thu, 18 Sep 2025 07:30:02 -0000 (UTC)
Message-ID: <10agcdq$2e02$1@nnrp.usenet.blueworldhosting.com>
<https://al.howardknight.net/?STYPE=msgid&MSGI=%3C10agcdq%242e02%241%40nnrp.usenet.blueworldhosting.com%3E>

The custom PAC file is optional, of course, but it allows you to bypass finicky domains, where I get tens of thousands of dollars of "free stuff"
from Amazon Vine every year, so I don't want to piss the Vine Robots off
by changing IP addresses constantly on them (since you have to log in to
get free stuff) <https://amazon.com/vine/about> and, of course, I use TB/BB
to log into Google Gmail servers where Google hates it when my IP changes
(it finally got used to my system time changing randomly as per scripting).

/*
proxy.pac C:\data\sys\batch\proxy.pac (20250902)
This is version 1.2
Selectively bypass proxy for sites sensitive to tunneling or IP shifts:
- Google services (search, news, mail, etc. but Thunderbird is stupid).
- Amazon (especially the Amazon Vine Voice program)
- Microsoft domains (Copilot, Bing, etc.)
All other traffic routed through local SOCKS proxy at 127.0.0.1:1080

Useful for split-tunnel setups where trusted domains go direct
but everything else is encrypted via Psiphon SOCKS5 proxy.

If needed, test PAC web access and fundamental logic with:
- https://pactester.brdbnt.com/
- https://github.com/termsl/WPADChecker
- curl http://127.0.0.1/proxy.pac

Version 1.0 (added Amazon Vine Voice https://amazon.com/vine/about)
Version 1.1 (added Google Gmail but I need to add it to Thunderbird)
Version 1.2 (added Microsoft sites for practice adding domains)
*/

function FindProxyForURL(url, host) {
// Bypass Gmail & Google (but Thunderbird needs to be set up right)
if (shExpMatch(host, "*.google.com") ||
shExpMatch(host, "*.gmail.com") ||
shExpMatch(host, "mail.google.com")) {
return "DIRECT";
}

// Bypass Amazon Vine https://amazon.com/vine/about
if (shExpMatch(host, "*.amazon.com") ||
shExpMatch(host, "amazon.com")) {
return "DIRECT";
}

// Bypass Copilot & Microsoft domains for practice
if (shExpMatch(host, "*.copilot.microsoft.com") ||
shExpMatch(host, "*.bing.com") ||
shExpMatch(host, "*.microsoft.com")) {
return "DIRECT";
}

// All other traffic via SOCKS
return "SOCKS 127.0.0.1:1080";
}

In addition, you can NOT set up Thunderbird for SOCKS5 via Psiphon.
1. Thunderbird:
Tools > Settings > Network & Disk Space > Connection > Settings...
2. In the Connection Settings dialog:
a. Select "Manual proxy configuration"
b. Under "SOCKS Host", enter: 127.0.0.1
c. Port: 1080
d. Choose "SOCKS v5"
3. Leave "HTTP Proxy", "SSL Proxy" & "FTP Proxy" blank.
4. Optionally check "Use proxy server for all protocols" if needed.
5. Click "OK" to save.

Why not?
A. Thunderbird does not use Windows proxy settings or PAC files.
B. You must configure proxy settings manually inside Thunderbird.
C. If Psiphon is not running, connections through 127.0.0.1:1080 will fail.
D. For automation, you can launch Thunderbird via a batch script
that sets environment variables like:
set SOCKS_PROXY=127.0.0.1:1080
start thunderbird.exe
E. Which you can tie into an easy command in the system registry
Win+R > tb
Where tb is defined in the registry App Paths key as
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\tb.exe
And where tb.exe is a keyword pointing to tb.lnk or tb.bat files.

Unfortunately, Thunderbird does not use PAC file logic, even if we
configure it to use a SOCKS proxy. Sigh. They don't know how to code.

When we manually set Thunderbird to use 127.0.0.1:1080 as a SOCKS5 proxy,
it sends all traffic through that proxy regardless of any of those special
PAC rules defined in proxy.pac above.

Thunderbird does not support domain-based proxy exceptions
If I use "Manual proxy configuration" with SOCKS 127.0.0.1:1080,
then all traffic goes through Psiphon but Google hates IP changes.
There is no built-in way in TB to exclude Gmail while proxying others.

PAC files are only interpreted by applications that support automatic proxy configuration via system settings (like most browsers). Unfortunately for
us, Thunderbird does not read or apply PAC logic internally.

So even if my PAC file says to bypass Gmail and go direct, Thunderbird will still send Gmail traffic through the SOCKS proxy unless I manually exclude
it or use a different method.

The only way I know around Thunderbird's lack of proper coding is to make Thunderbird connect directly to Gmail (without routing through Psiphon).

To do that, I need to bypass the SOCKS proxy for Gmail-related domains.
Since Thunderbird does not support PAC files or system proxy exceptions, we must do this manually (aurgh!). I hate doing anything manually. Sigh.

OPTION 1: Disable proxy in Thunderbird entirely
a. Tools > Settings > Network & Disk Space > Connection > Settings...
b. Select "No proxy"
c. This sends all traffic directly, including Gmail

Thunderbird does not support domain-based proxy exceptions
If you use "Manual proxy configuration" with SOCKS 127.0.0.1:1080,
then all traffic goes through Psiphon
There is no built-in way to exclude Gmail while proxying other traffic

OPTION 2: Launch Thunderbird with proxy environment variables. Yuck.
a. Set environment variables before launching Thunderbird:
set NO_PROXY=google.com,gmail.com
set SOCKS_PROXY=127.0.0.1:1080
start thunderbird.exe
Note: This may work for some protocols, but Thunderbird does not
fully honor NO_PROXY for IMAP/SMTP, so it's an ugly workaround.

While Betterbird is a fork of Thunderbird that focuses on usability improvements, bug fixes and faster feature delivery, unfortunately
Betterbird uses the exact same sophomoric proxy engine as Thunderbird.

In short, TB/BB does not support smart split proxy logic like browsers do,
so bypassing Gmail while using Psiphon requires trade-offs in our setup.
--
Note that a.c.s.t was added only for this one related post of the dozen.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.msdos.batch

Marion wrote:

OPTION 1: Disable proxy in Thunderbird entirely
a. Tools > Settings > Network & Disk Space > Connection > Settings...
b. Select "No proxy"
c. This sends all traffic directly, including Gmail

Thunderbird does not support domain-based proxy exceptions
If you use "Manual proxy configuration" with SOCKS 127.0.0.1:1080,
then all traffic goes through Psiphon
There is no built-in way to exclude Gmail while proxying other traffic

OPTION 2: Launch Thunderbird with proxy environment variables. Yuck.
a. Set environment variables before launching Thunderbird:
set NO_PROXY=google.com,gmail.com
set SOCKS_PROXY=127.0.0.1:1080
start thunderbird.exe

A customizable-domain proxy client is great, but some Windows apps, like Thunderbird/Betterbird, won't use the intelligent PAC file to determine
which domains should bypass the proxy and which should be tunneled.

I'm not sure which mail domains are finicky (e.g., protonmail?) but in my experience, Google's servers hate it when I use VPN and/or SOCKS proxy.

So the simplest option is to turn off the TB/BB proxy setting altogether.

I'm in Betterbird 102.10.1-bb34 (64-bit) where the settings to make
Betterbird connect directly to Gmail (without using a proxy) are...
1. Start Betterbird 102.10.1-bb34
2. Go to "Tools > Settings > General"
3. Scroll down to "Network & Disk Space"
4. Click the "Connection" [Settings...] button.
5. In the Connection Settings dialog is a section titled
"Configure Proxies to Access the Internet"
6. The default is "Use system proxy settings"
7. Change that to "No proxy" if you're using GMail, which is finicky.
8. Click "OK" to save and exit.

This should be exactly the same for Thunderbird since BetterBird
improvements don't extend to the proxy mechanism of Thunderbird.

Turning off the proxy mechanism ensures Betterbird bypasses any SOCKS proxy
or system proxy settings and connects directly to Gmail servers using the normal internet connection.

If you know of a way to get TB to respect Windows PAC files, let me know!
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.msdos.batch

This is optional, for privacy since Psiphon phones home upon invocation,
where below is a dummybrowser.bat file which captures rogue URI calls.

This other piece of the evolving puzzle which was solved within days of installing Psiphon, which is that when executed, it phones home to a server.

Worse, see sig, it adds a LOT of fingerprinting data to that call home!

Not only does it phone home to a web server, but it provides that web
server with a ton of fingerprinting information you'd rather not give it.

It's hard coded into Psiphon, but you can intercept it so it never makes it onto the Internet, where there are many ways to intercept rogue URIs.

I chose to change the default browser but there are many other ways.
Note that you "can" set up a default browser to a batch file (*.bat)
but I didn't know that at the time I set it up as it's not one
of the options by default, so I converted the batch to an executable.

At first I tried the native Windows bat-to-exe converter wizard
C:\Windows\System32\IExpress.exe
But after a few attempts, I switched to the Bat_To_Exe_Converter.
<https://github.com/l-urk/Bat-To-Exe-Converter-64-Bit/releases>
Name: Bat_To_Exe_Converter_x64.exe
Size: 2106368 bytes (2057 KiB)
SHA256: 1399EDE8F024E70025E55321D25BEAB7104A32E79512B11B4FFC779C82542CC6

Here's how I set dummybrowser.bat -> exe to the default web browser.

1. Write the dummybrowser.bat file (included below for completeness).

2. Convert the dummybrowser.bat batch file to an EXE:
a. Open the Bat_To_Exe_Converter_x64.exe freeware converter
b. File > Open > C:\data\sys\batch\dummybrowser.bat
c. Set options:
Exe-Format: 32-bit
Interface: Console (Visible)
Leave other fields blank
d. Click Convert
e. Save as: C:\data\sys\batch\dummybrowser.exe

3. Create a Windows registry entry for your dummy browser:
a. Open an elevated command prompt (Win+R > cmd {ctrl+shift+enter})
b. Run the following command to add the registry key:
reg add "HKLM\SOFTWARE\Classes\DummyBrowserHTML\shell\open\command" /ve /d "\"C:\\data\\sys\\batch\\dummybrowser.exe\" \"%1\"" /f

4. Set your dummybrowser executable as the default Windows browser:
a. Open Windows Settings (Win+I)
b. Go to Apps > Default apps
c. Scroll to "Web browser"
d. Click the current browser icon
e. Choose "Dummy Browser" from the list

5. Verify interception:
a. Run: C:\data\sys\batch\dummybrowser.exe "https://example.com"
b, Check log file: type C:\data\sys\log\dummybrowser.log
c. Confirm entries are logged

NOTES:
A. dummybrowser.exe will now intercept all system-level browser calls
B. It's useful for logging or blocking rogue outbound traffic
C. I used gVim but you may need to change the path to NotePad++

Here's the dummybrowser.bat code (which can be greatly improved).
@echo off
REM C:\data\sys\batch\dummybrowser.bat 20250819
REM This is rev 2.0
REM All calls to the default web browser are intercepted & logged
REM C:\data\sys\batch\dummybrowser.bat 20250916 revision 1.8
REM C:\data\sys\batch\dummybrowser.bat 20250916 revision 1.9
REM Removed gVim launch so the log is now read only when displayed
REM C:\data\sys\batch\dummybrowser.bat 20250916 revision 2.0
REM Restored gVim launch in read-only mode to view log w/o locking
:: Batch to be converted to an exe to be easily set as the default browser
:: Start clean by deleting any existing log files.
:: del C:\data\sys\log\dummybrowser.log
:: Open admin prompt (Win+R > cmd {ctrl+shft+enter} & kill leftovers
:: taskkill /IM dummybrowser.exe /F
:: Start GitHub Bat_To_Exe_Converter_x64.exe
:: <https://github.com/l-urk/Bat-To-Exe-Converter-64-Bit/releases>
:: File > Open > C:\data\sys\batch\dummybrowser.bat
:: Options: Exe-Format: 32-bit | Console (Visible)
:: Leave all other fields blank/unchecked
:: Click Convert
:: Save as: C:\data\sys\batch\dummybrowser.exe
:: To test, run in a command prompt:
:: C:\data\sys\batch\dummybrowser.exe test123
:: [Tue 09/16/2025 16:55:50.72] Attempted launch: (fingerprint)
:: C:\data\sys\batch\dummybrowser.exe test123
:: C:\data\sys\batch\dummybrowser.exe "https://abc.com/?a=1&b=2"
:: Verify both entries in: C:\data\sys\log\dummybrowser.log
:: type C:\data\sys\log\dummybrowser.log
:: Confirm registry entry for default browser options exists.
:: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DummyBrowserHTML\shell\open\command]
:: @="\"C:\\data\\sys\\batch\\dummybrowser.exe\" \"%1\""
:: Check that dummybrowser is set as the default browser
:: Win+I > Apps > Default apps > Web browser > Choose Dummy Browser

set LOGFILE=C:\data\sys\log\dummybrowser.log

REM Append new entry
echo [%date% %time%] Attempted launch: %* >> %LOGFILE%

REM Open log in gVim read-only and exit immediately
start "" "C:\app\editor\txt\vim\gvim.exe" -R "%LOGFILE%"

exit /b

Note that this dummy browser, while useful with for Psiphon, is not required. --
This is an actual capture from my dummy browser log file.
[Wed 09/17/2025 9:26:06.04] Attempted launch: C:\data\sys\batch\dummybrowser.exe "https://ipfounder.net/?sponsor_id=1CD935B4F29412DA&sponsor=psiphon&client_region=US&client_asn=32829&client_platform=windows&secret=580XghQJ18zK2gpxV7cfR3wTEUydcHK8KCEryhkes6QJtmRDF1xnPQqvydpwxzUvZtqnvT5yqLFnfXEnUgie7m9kiW8P4QRZpir3j7eFeLKC5DhM7EloZTFNu3DD8XKux2MBY6mcdUC7jqhVy17xynvEMaZ2bkfdgQHCrgsRKej3r7uc1HTGg2PL4y2rYLxzknOQc4K&psireason=connect&psicash=eyJtZXRhZGF0YSI6eyJjbGllbnRfcmVnaW9uIjoiVVMiLCJjbGllbnRfdmVyc2lvbiI6IjE4NiIsInByb3BhZ2F0aW9uX2NoYW5uZWxfaWQiOiI5MkFBQ0M1QkFCRTA5NDRDIiwic3BvbnNvcl9pZCI6IjFDRDkzNUI0RjI5NDEyREEiLCJ1c2VyX2FnZW50IjoiUHNpcGhvbi1Qc23DYXNoLVdpbmRvd3MiLCJ4IjoxfSwidGltZXN0YW1wIjoiMjAyNS0wOS0xN1QxNToyNjowNS42NDBaIiwidG9rZW5zIjpidWxsLCJ2IjoxfD"
[Wed 09/17/2025 10:24:25.23] Attempted launch: C:\data\sys\batch\dummybrowser.exe "https://ipfounder.net/?sponsor_id=1CD935B4F29412DA&sponsor=psiphon&client_region=US&client_asn=32829&client_platform=windows&secret=580XghQJ18zK2gpxV7cfR3wTEUydcHK8KCEryhkes6QJtmRDF1xnPQqvydpwxzUvZtqnvT5yqLFnfXEnUgie7m9kiW8P4QRZpir3j7eFeLKC5DhM7EloZTFNu3DD8XKux2MBY6mcdUC7jqhVy17xynvEMaZ2bkfdgQHCrgsRKej3r7uc1HTGg2PL4y2rYLxzknOQc4K&psireason=connect&psicash=eyJtZXRhZGF0YSI6eyJjbGllbnRfcmVnaW9uIjoiVVMiLCJjbGllbnRfdmVyc2lvbiI6IjE4NiIsInByb3BhZ2F0aW9uX2NoYW5uZWxfaWQiOiI5MkFBQ0M1QkFCRTA5NDRDIiwic3BvbnNvcl9pZCI6IjFDRDkzNUI0RjI5NDEyREEiLCJ1c2VyX2FnZW50IjoiUHNpcGhvbi1Qc23DYXNoLVdpbmRvd3MiLCJ4IjoxfSwidGltZXN0YW1wIjoiMjAyNS0wOS0xN1QxNjoyNDoyNS4xMjJaIiwidG9rZW5zIjpidWxsLCJ2IjoxfD"
[Wed 09/17/2025 11:46:38.25] Attempted launch: C:\data\sys\batch\dummybrowser.exe "https://ipfounder.net/?sponsor_id=1CD935B4F29412DA&sponsor=psiphon&client_region=US&client_asn=32829&client_platform=windows&secret=580XghQJ18zK2gpxV7cfR3wTEUydcHK8KCEryhkes6QJtmRDF1xnPQqvydpwxzUvZtqnvT5yqLFnfXEnUgie7m9kiW8P4QRZpir3j7eFeLKC5DhM7EloZTFNu3DD8XKux2MBY6mcdUC7jqhVy17xynvEMaZ2bkfdgQHCrgsRKej3r7uc1HTGg2PL4y2rYLxzknOQc4K&psireason=connect&psicash=eyJtZXRhZGF0YSI6eyJjbGllbnRfcmVnaW9uIjoiVVMiLCJjbGllbnRfdmVyc2lvbiI6IjE4NiIsInByb3BhZ2F0aW9uX2NoYW5uZWxfaWQiOiI5MkFBQ0M1QkFCRTA5NDRDIiwic3BvbnNvcl9pZCI6IjFDRDkzNUI0RjI5NDEyREEiLCJ1c2VyX2FnZW50IjoiUHNpcGhvbi1Qc23DYXNoLVdpbmRvd3MiLCJ4IjoxfSwidGltZXN0YW1wIjoiMjAyNS0wOS0xN1QxNzo0NjozNy43MjdaIiwidG9rZW5zIjpidWxsLCJ2IjoxfD"
[Thu 09/18/2025 2:52:35.33] Attempted launch: C:\data\sys\batch\dummybrowser.exe "https://ipfounder.net/?sponsor_id=1CD935B4F29412DA&sponsor=psiphon&client_region=US&client_asn=32829&client_platform=windows&secret=580XghQJ18zK2gpxV7cfR3wTEUydcHK8KCEryhkes6QJtmRDF1xnPQqvydpwxzUvZtqnvT5yqLFnfXEnUgie7m9kiW8P4QRZpir3j7eFeLKC5DhM7EloZTFNu3DD8XKux2MBY6mcdUC7jqhVy17xynvEMaZ2bkfdgQHCrgsRKej3r7uc1HTGg2PL4y2rYLxzknOQc4K&psireason=connect&psicash=eyJtZXRhZGF0YSI6eyJjbGllbnRfcmVnaW9uIjoiVVMiLCJjbGllbnRfdmVyc2lvbiI6IjE4NiIsInByb3BhZ2F0aW9uX2NoYW5uZWxfaWQiOiI5MkFBQ0M1QkFCRTA5NDRDIiwic3BvbnNvcl9pZCI6IjFDRDkzNUI0RjI5NDEyREEiLCJ1c2VyX2FnZW50IjoiUHNpcGhvbi1Qc23DYXNoLVdpbmRvd3MiLCJ4IjoxfSwidGltZXN0YW1wIjoiMjAyNS0wOS0xN1QxNzo0NjozNy43MjdaIiwidG9rZW5zIjpidWxsLCJ2IjoxfD"
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.msdos.batch

Arlen,

This other piece of the evolving puzzle which was solved within
days of installing Psiphon, which is that when executed, it phones
home to a server.

Really ? "it phones home to a server" ? Either you have no idea how a VPN (for hiding your IP) works, or you forgot to add some information.

Also, have you ever thought about checking what that server it "phones home" to actually is ? No ? Why not ?

Furthermore, do you think that if the makers of Psiphon wanted grab some private data from your 'puter they could not have simply added another connection to the tunnel it creates - leaving you none-the-wiser ?

iow, the Psiphon client software does not need that "dummy browser" of yours to connect with the internet. Worse, it would make the the whole "phoning home" thing needlesly complicated.

-- But if it actually "phones home" to grab data from your machine that way (unlikely) than do remember the old saying : when you get stuff for free its likely you are the product, not the customer.

Regards,
Rudy Wieser


--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.msdos.batch

Marion wrote:

Turning off the proxy mechanism ensures Betterbird bypasses any SOCKS proxy or system proxy settings and connects directly to Gmail servers using the normal internet connection.

If you know of a way to get TB to respect Windows PAC files, let me know!

Thinking about the solution as I rarely (if ever) fail, I think I may have found an easy cross-platform open source solution to that problem set...

A PAC (Proxy Auto Config) file is a JavaScript file used by browsers or
other applications that support the PAC standard. For each URL or host it decides whether to send the request through a proxy or connect directly. It only works for software that can load and follow a PAC file. PAC files are generally limited to controlling HTTP and HTTPS traffic and do not handle other protocols such as IMAP or SMTP. Programs that ignore proxy settings
such as Thunderbird or Betterbird (which are not browsers) will not be affected.

To make Thunderbird follow proxy rules we need an external tool that can intercept its connections. My first choice would be an open source
proxifier such as SocksCap64 which can force Thunderbird to use a proxy. However SocksCap64 cannot apply different rules for different domains and
will send all traffic through the same proxy without selective routing.
<https://sourceforge.net/projects/sockscap64/>

<https://netactuate.dl.sourceforge.net/project/sockscap64/SocksCap64-setup-3.6.exe>
Name: SocksCap64-setup-3.6.exe
Size: 6193115 bytes (6047 KiB)
SHA256: B2DA49EC9A2702CFD7625D3F152AF98A4C8E3E155DAB78686962BB3DF1F76825

This is where the cross-platform open-source NekoBox may come in handy.
<https://github.com/MatsuriDayo/nekoray

<https://github.com/MatsuriDayo/nekoray/releases/download/4.0.1/nekoray-4.0.1-2024-12-12-windows64.zip>
Name: nekoray-4.0.1-2024-12-12-windows64.zip>
Size: 41719145 bytes (39 MiB)
SHA256: A492224792C38BD1A3B7A5438B1431C5CB4260F55E9A121DB3B2CE1603F7664A

NekoRay or NekoBox is an open source V2Ray/Sing box proxy manager with a graphical interface that sits between our applications & our upstream
proxy such as Psiphon. Unlike proxifiers such as SocksCap64, NekoBox can
apply user-defined specific-domain routing rules so that some domains or IP ranges go through a proxy while others connect directly (bypassing
proxies).

NekoRay can also handle multiple protocols including HTTP HTTPS SOCKS
IMAP SMTP and more which allows it to apply selective routing to non HTTP traffic. By pointing Thunderbird to NekoBox instead of directly to Psiphon
we should be able to recreate the selective routing logic of a PAC file and apply it to applications that do not support PAC files at all.

In practice this means we can keep using the PAC file to control proxy behavior for web browsers exactly as we do now while letting NekoRay handle the same selective routing for Thunderbird. We would configure NekoRay so
that Gmail IMAP and SMTP servers are marked as direct connections and all other destinations are sent through Psiphon. Thunderbird would be pointed
to NekoRay's local listener instead of Psiphon directly so NekoRay can
enforce those rules. The end result is a unified setup where browsers
follow the PAC file and non browser applications such as Thunderbird follow equivalent rules inside NekoRay giving us consistent split tunnel behavior across all software.

I am testing it as we speak but I post this 1st to ask if anyone has a
better solution to force Thunderbird to selectively route so that all
traffic goes through the proxy except the Google GMail server traffic.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.msdos.batch

UPDATE

In another thread today I described how I installed & ran a YouTube client that allowed me to view YouTube videos without logging in & without any ads (both the type of ads that YouTube inserts & even creator-inserted ads).
a. Pre-roll ads (before the video starts)
b. Mid-roll ads (interrupting the video)
c. Banner ads (overlaying the video)
d. Sidebar ads (on the YouTube page)
e. Sponsor blocks (remove known ads inserted by creators)
<https://freetubeapp.io/>

The YouTube client I tested today was FreeTube, which worked well.
But it was obstinate during a proxy that it didn't like my proxy.
Worse, AFTER the proxy was shut down, it failed until I rebooted.

Huh?
Why did FreeTube barf when I killed the proxy but nothing did before it?

Turns out my script to kill the proxy needed a LOT of improvements!
The FreeTube "app" is apparently a web browser using system-proxy settings.

It was still using "some" of the proxy settings even though the proxy
was no longer running. I hadn't noticed before that this happened.

Hence, here's a working script to KILL the proxy & wipe it off Windows.

@echo off
REM C:\data\sys\batch\psiphonstop.bat version 1.0 20250819
REM This is psiphonstop.bat version 1.9
REM Close Psiphon GUI first to let it attempt its own cleanup.
REM Then run psiphonstop.bat to:
REM 1. Check for any lingering processes (Psiphon or Mongoose).
REM 2. Kill any lingering processes (Psiphon or Mongoose).
REM 3. Reset WinINET and WinHTTP proxy settings.
REM 4. Log the shutdown for traceability in mongoose & proxy logs.
REM Additions in version 1.0 (41 lines)
REM As admin, it stops Psiphon GUI, Mongoose, and resets proxy settings
REM Logs shutdown event to proxy.log and mongoose.log for lifecycle tracking
REM Changes in version 1.1 (46 lines)
REM Added Psiphon GUI termination step (v1.1)
REM Added [STOP] prefix to log entries for clarity (v1.1)
REM Changes in version 1.2 (56 lines)
REM Added conditional checks for running processes before attempting kill/log
REM Only logs shutdown events if process was found running
REM 20250920 psiphonstop.bat 1.3 (68 lines)
REM Fixed Registry Key Not Found error when run with nothing to do
REM Fixed "reset" not a command error by removing the ampersand in the echo
REM 20250920 psiphonstop.bat 1.4 (79 lines)
REM Added better error checking to see if Psiphon or Mongoose are running
REM Added a closer line in the console
REM 20250920 psiphonstop.bat 1.5 (89 lines)
REM Added better explanation of the registry changes in the console output
REM 20250920 psiphonstop.bat 1.6 (108 lines)
REM Set ProxyEnable to 0 so the system knows to bypass proxies (v1.6)
REM Clear ProxyOverride if Psiphon used custom bypass rules (v1.6)
REM Flush DNS and restart networking stack (v1.6)
REM 20250920 psiphonstop.bat 1.7 (121 lines)
REM Exported keys before deletion, just in case (v1.7)
REM fully refresh network adaptor (optional) v1.7
REM 20250920 psiphonstop.bat 1.8 (138 lines)
REM Check for environment proxy settings (v1.8)
REM add browser cache flush and settings reminder (v1.8)
REM add summary log entry with system state (v1.8)
REM Add a success beep or visual cue (v1.8)
REM 20250920 psiphonstop.bat 1.9 (152 lines)
REM Added version banner
REM Log envvars (v1.9)
REM Add browser-specific cleanup reminders (v1.9)

echo ----------------------------------------
echo Psiphonstop.bat v1.9 - Proxy Reset Tool
echo ----------------------------------------

:: --- Elevate to admin if not already ---

nul 2>&1 net session

if %errorlevel% neq 0 (
echo Requesting administrative privileges...
powershell -Command "Start-Process '%~f0' -Verb RunAs"
exit /b
)

REM Check if Psiphon GUI is running (updated for better errors) v1p4
tasklist /fi "imagename eq psiphon3.exe" | find /i "psiphon3.exe" >nul
if %errorlevel%==0 (
taskkill /f /im psiphon3.exe >nul 2>&1
echo [%DATE% %TIME%] [STOP] Psiphon GUI terminated by psiphonstop.bat >> C:\data\sys\log\proxy.log
) else (
echo [%DATE% %TIME%] [STOP] No Psiphon GUI process found >> C:\data\sys\log\proxy.log
)

REM Check if Mongoose is running (updated checks in v1.4)
tasklist /fi "imagename eq mongoose.exe" | find /i "mongoose.exe" >nul
if %errorlevel%==0 (
taskkill /f /im mongoose.exe >nul 2>&1
echo [%DATE% %TIME%] [STOP] Mongoose terminated by psiphonstop.bat >> C:\data\sys\batch\mongoose.log
) else (
echo [%DATE% %TIME%] [STOP] No Mongoose process found >> C:\data\sys\batch\mongoose.log
)


REM Exported keys before deletion, just in case (v1.7)
reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" C:\data\sys\log\proxy_before_reset.reg

REM Reset WinINET proxy settings
echo Resetting WinINET proxy registry values...
REM Fixed Registry Key Not Found error when run with nothing to do (v1.3)
:: reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoConfigURL /f >nul
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoConfigURL /f 2>nul

echo reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoConfigURL /f 2>nul

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoDetect /t REG_DWORD /d 0 /f >nul

echo reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoDetect /t REG_DWORD /d 0 /f >nul

:: reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f >nul
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f 2>nul
echo reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f 2>nul

:: reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /f >nul
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /f 2>nul
echo reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /f 2>nul

REM v1p6
REM Deleting ProxyEnable and ProxyServer does not restore direct access.
REM Set ProxyEnable to 0 so the system knows to bypass proxies (v1.6)
REM Windows interprets missing values differently than explicitly set ones.
REM Explicitly set ProxyEnable to 0 so the system knows to bypass proxies.
REM Now Windows knows to use direct access, not |no proxy server defined.i
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f

REM Clear ProxyOverride if Psiphon used custom bypass rules (v1.6)
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f

REM Flush DNS and restart networking stack (v1.6)
ipconfig /flushdns
netsh int ip reset

echo Registry operations completed with Proxy settings cleared or updated.

REM Reset WinHTTP proxy settings
netsh winhttp reset proxy

REM Always log proxy reset regardless of process status
echo [%DATE% %TIME%] [STOP] Proxy settings reset by psiphonstop.bat >> C:\data\sys\log\proxy.log

REM Fixed "reset" unrecognized command error by removing ampersand (v1p3)
:: echo Psiphon, proxy settings, and Mongoose have been logged & reset.
echo "Psiphon, proxy settings and Mongoose have been logged and reset."

REM Check for environment proxy settings (v1.8)
set | findstr /i proxy
REM Log envvars (v1.9)
set | findstr /i proxy >> C:\data\sys\log\proxy_envvars.log

REM fully refresh network adaptor (optional) v1.7
netsh winsock reset

REM add browser cache flush and settings reminder (v1.8)
echo Reminder: Disable any proxy/VPN browser extensions manually.
echo Reminder: Clear browser cache or try Incognito mode if issues persist.

REM Add browser-specific cleanup reminders (v1.9)
echo Chrome: chrome://settings/system > disable |Use proxyi
echo Firefox: about:preferences > Network Settings > |No proxyi

REM add summary log entry with system state (v1.8)
echo [%DATE% %TIME%] [STOP] Proxy teardown complete. System set to direct access. >> C:\data\sys\log\proxy.log

REM Added a console output for closure (v1.4)
echo [%DATE% %TIME%] Psiphonstop.bat completed. See logs for details.

REM Add a success beep or visual cue (v1.8)
echo Operation complete. System proxy is OFF.
powershell -c "[console]::beep(1000,300)"

pause
--
That thread about YouTube clients is this one from today:
From: Marion <marionf@fact.com> alt.comp.os.windows-10,alt.comp.os.windows-11,alt.comp.microsoft.windows
What are your experiences with free Windows YouTube replacement clients?
Date: Sat, 20 Sep 2025 22:32:49 -0000 (UTC)
Message-ID: <10ana2g$2noo$1@nnrp.usenet.blueworldhosting.com>
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.msdos.batch

Today I installed and tested FreeGate, which is "similar" to Psiphon
in that FreeGate provides a DIFFERENT way for a free encrypted proxy.

Here's my installation log, so that others can follow in my footsteps.

We'll start with a series of increasing detail by way of comparison.
Psiphon is SOCKS5 & HTTP:
a. Encrypted tunnel (SSH-based)
b. Works with any SOCKS5-aware app
c. Broader coverage for privacy

Freegate is HTTP:
a. Encrypted HTTP proxy
b. Limited to apps using Windows proxy
c. Narrower coverage, browser-focused

SOCKS5 support:
Psiphon runs a local SOCKS5 proxy (typically on 127.0.0.1:1080)
in addition to an HTTP proxy.
Freegate does not expose a SOCKS5 proxy port.
It only provides a local HTTP/HTTPS proxy (usually on 127.0.0.1:8580).

Encryption:
Traffic between your client and Psiphonos servers is encrypted.
When using the SOCKS5 port, the traffic is wrapped in an SSH-based
tunnel with obfuscation before leaving your machine.
Traffic between your client and Dynawebos servers (Freegate) is
also encrypted, but it is not a SOCKS5 tunnel and not a standard
VPN. It uses a proprietary encrypted HTTP proxy protocol.

Comparison of Psiphon and Freegate
Feature | Psiphon | Freegate |
------- ------- --------
Platform | Windows, Android, iOS | Windows |
Distribution | Official sites, stores| Mirrors, updater |
Protocols | SSH, VPN, HTTP proxy | Dynaweb proxy |
Local ports | 1080 (SOCKS), 33111 | 8580 |
GUI | Modern, usage stats | Simple, log window |
Auto update | Yes | Yes (prompts) |
Tunnel modes | VPN, SSH+, Split | A, F, M |
System proxy | Auto or manual | Auto WinINET |
Cross-app support | Yes (VPN mode) | Yes (system proxy) |
Open source | Client is open source | Closed source |
Typical use | Censorship, privacy | Censorship (China) |
1. Download & unzip the FreeGate version 7.90 portable zip file.
<https://www.techspot.com/downloads/6243-freegate.html>
Click the "Download Freegate" button
Choose either the EXE or ZIP version.
Name: fg790p.zip
Size: 6900787 bytes (6739 KiB)
SHA256: 8BD7F8DFEFA73DE07CC0C32265174681BACE7DF90EF2CCFB60F3B8473E3607CA

When I used FreeGate 7.90, it asked to download & use version 8.05:
Name: fg805p.exe
Size: 8135672 bytes (7944 KiB)
SHA256: 608DDDD745143F977BECB15A63FB49855B6672E4E53AA87833CA818A159FC1D1

Had I known that, I would have downloaded first from Gizmodo instead:
<https://gizmodo.com/download/freegate> (file size & hash checks out)

2. If you downloaded the ZIP file:
a. Right-click the ZIP file and select "Extract All..."
b. Choose a destination folder (e.g., C:\app\network\freegate\)
c. And click "Extract"

3. Double-click "fg790p.exe" to launch Freegate.
When you launch fg790p.exe, Freegate opens its control panel titled
"FreeGate Proxy Control", which lets you:
a. See connection status to Freegate's proxy servers.
b. Choose between different proxy modes (e.g., Classic or Smart).
c. View logs and diagnostics.
d. Launch a browser window preconfigured to use Freegate's proxy.
This panel is the gateway to managing how Freegate tunnels your traffic.

4. In the "FreeGate Proxy Control" panel, your choices are:
(_)All websites go through Freegate proxy
(o)Connect to websites in China directly
(and not through FreeGAte proxy)
[x]Skip this window when program starts

5. Select the option:
(o)All websites go through Freegate proxy
This ensures that all your internet traffic that obeys the
Windows system proxy (which stack?) should be routed through
Freegate's encrypted tunnel.

Also uncheck (for now):
[_]Skip this window when program starts

Press the blue "OK" button in the Freegate Proxy Control panel.

6. A Dynaweb FreeGate window should pop up saying something like:
[Freegate 7.90 Professional Edition]
Connected to 7 Servers, port: 8580,
Tunnel(A)

7. You may also get a belated Windows-Defender popup:
Windows Defender Firewall has blocked some features of this app.
Windows Defender Firewall has blocked some features of
Freegate on all public and private networks.
Name: Freegate
Publisher: Dynamic Internet Technology, Inc.
Path: C:\app\network\freegate\fg790p.exe
Allow Freegate to communicate on these networks:
[x]Private networks, such as my home or work network
[_]Public networks, such as those in airports & coffee shops
[Allow access][Cancel]

Click the "Allow access" button in the Windows Defender Firewall prompt.
This permits Freegate to communicate over your private network
and establish proxy connections.

8. Confirm that the Dynaweb FreeGate window remains open.
a. It should display:
Connected to 7 Servers, port: 8580
Tunnel(A)
b. This indicates that Freegate is actively tunneling traffic
through its proxy network.

9. To verify that Freegate is working:
a. Open your preferred browser (e.g., Chrome or Firefox)
b. Visit https://www.whatismyip.com/
My IPv4: 65.49.38.149
c. Check if your IP address is different from your normal ISP address
d. Visit a website that is normally blocked in your region

If your IP has changed or blocked sites are accessible:
Then Freegate is successfully routing traffic through its proxy.

Check your system proxy settings.

Win+I > Network & Internet > Proxy >
Automatic proxy setup
Automatically detect settings = off
Use setup script = off
Script address = 127.0.0.1/proxy.pac (which is grayed out!)
[Save] (which is grayed out!)
Manual proxy setup
Use a proxy server = on
Address = 127.0.0.1
Port = 8580
Use the proxy server except for addresses that start with the following:
<blank>
[x]Don't use the proxy server for local (intranet) addresses
[Save]

Win+R > control > Internet Options > Internet Properties
Connections > LAN settings
Local Area Network (LAN) Settings
Automatic configuration
[_]Automatically detect settings
[_]Use automatic configuration script
Address = http://127.0.0.1/proxy.pac (grayed out!)
Proxy server
[x]Use a proxy server for your LAN
Address = [127.0.0.1] Port = [8590]
[x]Bypass proxy server for local addresses

[Advanced]
Proxy Settings
HTTP: 127.0.0.1 : 8580
Secure: 127.0.0.1 : 8580 (grayed out!)
FTP: 127.0.0.1 : 8580 (grayed out!)
Socks: <blank> (grayed out!)
[x]Use the same proxy server for all protocols
Do not use proxy server for addresses beginning with:
<blank>

10. Optional: Configure other applications to use Freegate's proxy.
a. Freegate typically runs a local proxy on 127.0.0.1:8580
b. In your browser or app settings, set:
Proxy address: 127.0.0.1
Proxy port: 8580
c. Save and apply the settings.

11. To stop using Freegate:
a. Close the Dynaweb FreeGate window by clicking its Window red (X).
b. It will ask you a few questions (and go away if you don't answer).
Exiting proxy
Freegate is exiting.
Your internet activity will no longer be protected by Dynaweb.
It is not safe to continue visiting censored websites.
You are highly recommended to close all opened applications now.
[_]Do not show this window again; close all IE windows.
[_]Do not show this window again; keep all IE windows.
[Close opened applications [30s]][Keep open]

12. To confirm Freegate has successfully reverted proxy settings

a. Open Windows Settings:
Win+I > Network & Internet > Proxy

b. Check the following:
- Automatic proxy setup:
Automatically detect settings = on
Use setup script = off
Script address = <blank>
- Manual proxy setup:
Use a proxy server = off
Address = <blank>
Port = <blank>
Don't use the proxy server for local (intranet) addresses = unchecked

c. Open Internet Options:
Win+R > control > Internet Options > Connections > LAN settings

d. Confirm:
- Automatically detect settings = checked
- Use automatic configuration script = unchecked
Address = <blank>
- Use a proxy server for your LAN = unchecked
Address = <blank>
Port = <blank>
Bypass proxy server for local addresses = unchecked

e. Click [OK] to close LAN settings
Click [OK] to close Internet Properties

Unfortunately, I didn't know about the version 8.05 available download.
When I used FreeGate 7.90 a few times, it asked to download version 8.05:
Name: fg805p.exe
Size: 8135672 bytes (7944 KiB)
SHA256: 608DDDD745143F977BECB15A63FB49855B6672E4E53AA87833CA818A159FC1D1

Had I known that, I would have used a different download site:
<https://gizmodo.com/download/freegate>
<https://gizmodo.com/download/freegate-67626-download>
Name: gizmodo_fg805p.exe
Size: 8135672 bytes (7944 KiB)
SHA256: 608DDDD745143F977BECB15A63FB49855B6672E4E53AA87833CA818A159FC1D1

So rather than rewrite my log, here are 7.90 vs 8.05 differences.

STEP 1: DOWNLOAD
Go to: https://www.techspot.com/downloads/6243-freegate.html
Version 7.90 file: fg790p.zip (SHA256: 8BD7F8DFEFA73DE07CC0C32265174681BACE7DF90EF2CCFB60F3B8473E3607CA)
Version 8.05 file: fg805p.exe (SHA256: 608DDDD745143F977BECB15A63FB49855B6672E4E53AA87833CA818A159FC1D1)

STEP 2: EXTRACT (if ZIP)
Right-click fg790p.zip
Select "Extract All..."
Choose folder (example: C:\app\network\freegate\)
Click "Extract"

STEP 3: LAUNCH
Double-click fg790p.exe (7.90) or fg805p.exe (8.05)

STEP 4: CONTROL PANEL DIFFERENCES
VERSION 7.90:
Window title: "FreeGate Proxy Control"
Options:
(_) All websites go through Freegate proxy
(o) Connect to websites in China directly
[ ] Skip this window when program starts
Must click "OK" to activate

VERSION 8.05:
Window title changed (simplified layout)
Options presented as a dropdown or single checkbox
Status/log window shows connection attempts
Fewer prompts, more automatic behavior

STEP 5: STATUS WINDOW
VERSION 7.90:
Dynaweb FreeGate window shows:
"Connected to X Servers, port: 8580, Tunnel(A)"
Tunnel modes: A, F, M

VERSION 8.05:
Console-like log output
Shows connection attempts and tunnel status
Still binds to 127.0.0.1:8580

STEP 6: FIREWALL PROMPT
Windows Defender may prompt:
"Allow Freegate to communicate..."
Select:
[x] Private networks
[ ] Public networks
Click "Allow access"

STEP 7: VERIFY FUNCTION
Open browser
Visit https://www.whatismyip.com/
Confirm IP differs from ISP
Visit a blocked site to confirm access
System proxy should show:
Address = 127.0.0.1
Port = 8580

STEP 8: EXIT BEHAVIOR
VERSION 7.90:
Exit dialog appears:
"Freegate is exiting. Your internet activity will no longer be protected..."
Options to close or keep IE windows

VERSION 8.05:
Exit dialog simplified
Still warns that proxy is disabled after exit

STEP 9: CONFIRM REVERSION
After closing Freegate:
ProxyEnable = 0
ProxyServer = <blank>
No fg790p.exe or fg805p.exe process
No listener on 127.0.0.1:8580
Check via:
Win+I > Network & Internet > Proxy
Win+R > control > Internet Options > LAN settings

SUMMARY
Both FreeGate 7.90 & 8.05 use the same proxy mechanism (127.0.0.1:8580)
Abut 7.90 has explicit radio buttons, 8.05 has simplified controls
Verification and cleanup steps remain the same
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.msdos.batch

Marion wrote:

Today I installed and tested FreeGate, which is "similar" to Psiphon
in that FreeGate provides a DIFFERENT way for a free encrypted proxy.

Here's my installation log, so that others can follow in my footsteps.

Rather than write a new checkproxy script, I simply added FreeGate to it.

@echo off
REM C:\data\sys\batch\checkproxy.bat 20250916
REM This is version 1.9 (w! checkproxy.bat_v1px.)
REM Custom unified Windows proxy diagnostic tool
REM v1.0 lists WinINET manual proxy, WinHTTP proxy, PAC/AutoDetect
REM v1.1 replaces echo. with echo( to avoid command misinterpretation
REM v1.2 adds PAC file existence check and SHA256 hash logging (114 lines)
REM v1.3 (152 lines) adds debugging (section 9)
REM v1.4 (161 lines) adds more debugging (section 10)
REM v1.5 (182 lines) adds more debugging (section 11)
REM v1.6 (204 lines) adds command reference (section 12)
REM v1.7 (205 lines) Changed example.com to abc.com throughout
REM v1.8 (217 lines) Added check for freegate proxy in addition to psiphon
REM v1.9 (229 lines) Added output in final report to add freegate logging
:: Normally the pac file is served by a web server.
:: This script doesnot rely on Windows successfully fetching the PAC file
:: via HTTP. Instead, it Sets the registry key to point to the PAC URL
:: It assumes the PAC logic is known & trusted.
:: It uses proxy.cmd to apply proxy settings directly,
:: bypassing the need for Windows to interpret the PAC file
:: So even if http://127.0.0.1/proxy.pac isnot actually being served
:: by a web server, the system still behaves as if it is because the
:: tooling here enforces the logic manually.
:: This is the where Windows typically looks for the PAC script URL.
:: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
:: AutoConfigURL = http://127.0.0.1/proxy.pac
:: That tells Windows to fetch the PAC file from your own machine via HTTP
:: http://127.0.0.1/proxy.pac
:: C:\data\sys\batch\proxy.pac
:: curl http://127.0.0.1/proxy.pac
::
:: You could point to the actual pac file but that's less universal
:: AutoConfigURL = file:///C:/data/sys/batch/proxy.pac
::
:: C:\app\network\psiphon\psiphon3.exe -mode=socks
:: Win+I > Settings > Network & Internet > Proxy > Manual proxy setup = on
:: Automatic proxy setup
:: Automatically detect settings = on
:: Use setup script = on
:: Script address = http://127.0.0.1/proxy.pac
:: Manual proxy setup
:: Use a proxy server = on
:: Address http=127.0.0.1:3736;https=127.0.0.1:3736;socks=127.0.0.1:1080
:: Port = <blank>
:: Use the proxy server except for addresses that start with the following entries. Use semicolons (;) to separate entries.
:: 10.*;172.16.*;172.17.*;172.18.*;172.19.*;172.20.*;172.21.*;172.22.*;172.23.*;172.24.*;172.25.*;172.26.*;172.27.*;172.28.*;172.29.*;172.30.*;172.31.*;192.168.*;169.254.*;[fc*];[fd*];[fe8*];[fe9*];[fea*];[feb*]
:: [x]Don't use the proxy server for local (intranet) addresses
::
:: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
:: AutoConfigURL = http://127.0.0.1/proxy.pac
::
:: C:\data\sys\batch\proxy.pac
::
:: Final Result
:: WinINET: Enabled and pointing to Psiphon
:: WinHTTP: Synced to match WinINET
:: PAC: Registry keys set, logic assumed, Auto-Detect enabled
:: The system is now fully aligned across all proxy layers.

echo [%DATE% %TIME%] Starting proxy check...

setlocal

set KEY="HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
set PACFILE=C:\data\sys\batch\proxy.pac

echo ==============================================
echo WINDOWS PROXY CONFIGURATION CHECK
echo ==============================================

REM --- PAC file existence check ---
if not exist "%PACFILE%" (
echo WARNING: PAC file not found at %PACFILE%
) else (
echo PAC file found at %PACFILE%
echo PAC file SHA256 hash:
certutil -hashfile "%PACFILE%" SHA256
)

REM --- WinINET (manual proxy) ---
echo(
echo [1] WinINET / Internet Settings
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyEnable

nul') do set ProxyEnable=%%B

for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyServer

nul') do set ProxyServer=%%B

if "%ProxyEnable%"=="0x1" (
echo Proxy is ENABLED
echo Proxy server: %ProxyServer%
) else (
echo Proxy is DISABLED
)

REM --- WinHTTP proxy ---
echo(
echo [2] WinHTTP proxy (system/background services)
netsh winhttp show proxy

REM --- PAC (Proxy Auto-Config) & AutoDetect ---
echo(
echo [3] PAC / AutoDetect
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoConfigURL

nul') do set PACurl=%%B

for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoDetect 2^>nul')
do set AutoDetect=%%B

if defined PACurl (
echo PAC script set: %PACurl%
) else (
echo No PAC script URL found.
)

if "%AutoDetect%"=="0x1" (
echo Auto-detect is ENABLED
) else (
echo Auto-detect is DISABLED
)


REM Added these debugging commands (v1p3)
echo(
echo [4] Psiphon and Mongoose process check
echo tasklist | findstr /i "psiphon3.exe mongoose.exe"
tasklist | findstr /i "psiphon3.exe mongoose.exe"

:: Added this insert to check for freegate proxy (v1p8)
echo(
echo [4b] Freegate process check
tasklist | findstr /i "fg790p.exe"

echo(
echo [5b] Freegate port binding check
netstat -ano | findstr :8580
netstat -ano | findstr :8581
:: END INSERT to check for freegate proxy (v1p8)

echo(
echo [5] Port binding check (Mongoose/Proxy)
echo netstat -ano | findstr :8080
netstat -ano | findstr :8080

echo(
echo [6] DNS resolution test
echo nslookup abc.com
nslookup abc.com

echo(
echo [7] Internet connectivity test
echo ping 8.8.8.8
ping 8.8.8.8

echo(
echo [8] Proxy test via curl
echo curl -x http://127.0.0.1:3736 http://abc.com --max-time 5
curl -x http://127.0.0.1:3736 http://abc.com --max-time 5

echo(
echo [9] .NET proxy settings (PowerShell)
echo powershell -Command "[System.Net.WebRequest]::DefaultWebProxy"
powershell -Command "[System.Net.WebRequest]::DefaultWebProxy"

echo(
echo [10] Network adapter configuration
echo ipconfig /all
ipconfig /all

echo(
echo [11] Network interface and routing diagnostics

echo netsh interface show interface
netsh interface show interface

echo(
echo route print
route print

echo(
echo curl --verbose http://abc.com
curl --verbose http://abc.com

REM Optional deeper trace (creates trace.txt in current folder)
echo(
echo curl --trace trace.txt http://abc.com
curl --trace trace.txt http://abc.com


echo(
echo Summary:
echo Proxy Enabled: %ProxyEnable%
echo Proxy Server: %ProxyServer%
echo PAC URL: %PACurl%
echo AutoDetect: %AutoDetect%

echo(
echo ==============================================
echo Check complete.
echo ==============================================

echo(
echo [12] Command Reference (manual run options)
echo certutil -hashfile "C:\data\sys\batch\proxy.pac" SHA256
echo reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable
echo reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer
echo netsh winhttp show proxy
echo reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoConfigURL
echo reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoDetect
echo tasklist | findstr /i "psiphon3.exe mongoose.exe"
echo netstat -ano | findstr :8080
echo nslookup abc.com
echo ping 8.8.8.8
echo curl -x http://127.0.0.1:3736 http://abc.com --max-time 5
echo powershell -Command "[System.Net.WebRequest]::DefaultWebProxy"
echo ipconfig /all
echo netsh interface show interface
echo route print
echo curl --verbose http://abc.com
echo curl --trace trace.txt http://abc.com
echo(
echo Freegate process check:
tasklist | findstr /i "fg790p.exe" || echo No Freegate process found.
echo(
echo Freegate port check:
netstat -ano | findstr :8580 || echo No listener on 8580
netstat -ano | findstr :8581 || echo No listener on 8581
REM Sometimes Freegate sets ProxyServer to 127.0.0.1:8590 in
REM Internet Options while actually listening on 8580 so check for that
echo(
echo ProxyServer registry value: %ProxyServer%
echo Expected Freegate listener: 127.0.0.1:8580

endlocal
pause

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.msdos.batch

UPDATE

When FreeGate starts, it "phones home" to the following each time:

[Tue 09/23/2025 11:15:21.19] Attempted launch: C:\data\sys\batch\dummybrowser.exe
"http://dongtaiwang.com/loc/phome.php"

By way of contrast, when Psiphon starts, it adds much more data:

[Tue 09/23/2025 11:15:21.19] Attempted launch: C:\data\sys\batch\dummybrowser.exe "https://ipfounder.net/?sponsor_id=1BA577C3C04280CF
&sponsor=psiphon
&client_region=US
&client_asn=6920
&client_platform=windows
&secret=580EfjEI23xL3hmyU6dgP4vSEVxdcEI7JDElxgjds7PHulSEE0vmOKpvzbqxyTvYtpmvsY4xMEnfWEnTghe6l8jiV3K5QSWmir2i6fDeKJD6EhL6DlmYTEMu2EE3YJvy3LdCUW7ncdVC6ipgWx06vznvDLbY1djfcfKECpfsQJei2q6tb0ESEh1QK3x3qXKvyjmNPc5J
&psireason=connect
&psicash=eyJtWXKhWEE0YSI6eyJjbEllbnKfcmVndW3uIjmiVVMiLCJjbEllbnKfdmVyc2lvbiI6IjE4NiIsInByb3BhW2E0dW3uX2NmYW5uWWxfdWQiOiI5MlEBQ0M1QlECKTA5NDKDIivic3BvbnNvcl3pWCI6IjECQzUyN0QzKDA5OTg1Q0YiLCJ1c2VyX2EnWW50IjmiUHNpcEhvbi1Qc2lDYXNmLVdpbmKvd3MiLCJ2IjmxfSvidEltWXN0YW1vIjmiMjAyNS0vOS0yM1QxNzmvODm0OC41NjKdIividE3rWW5zIjpudWxsLCJ2IjmxfQ"

Luckily, my dummybrowser.bat script captures that w/o letting it out,
but I figured folks might want to know their privacy may be impacted.

@echo off
REM C:\data\sys\batch\dummybrowser.bat 20250819
REM This is rev 2.0
REM All calls to the default web browser are intercepted & logged
REM C:\data\sys\batch\dummybrowser.bat 20250916 revision 1.8
REM C:\data\sys\batch\dummybrowser.bat 20250916 revision 1.9
REM Removed gVim launch so the log is now read only when displayed
REM C:\data\sys\batch\dummybrowser.bat 20250916 revision 2.0
REM Restored gVim launch in read-only mode to view log w/o locking
:: Batch to be converted to an exe to be easily set as the default browser
:: Start clean by deleting any existing log files.
:: del C:\data\sys\log\dummybrowser.log
:: Open admin prompt (Win+R > cmd {ctrl+shft+enter} & kill leftovers
:: taskkill /IM dummybrowser.exe /F
:: Start GitHub Bat_To_Exe_Converter_x64.exe
:: <https://github.com/l-urk/Bat-To-Exe-Converter-64-Bit/releases>
:: File > Open > C:\data\sys\batch\dummybrowser.bat
:: Options: Exe-Format: 32-bit | Console (Visible)
:: Leave all other fields blank/unchecked
:: Click Convert
:: Save as: C:\data\sys\batch\dummybrowser.exe
:: To test, run in a command prompt:
:: C:\data\sys\batch\dummybrowser.exe test123
:: [Tue 09/16/2025 16:55:50.72] Attempted launch: (fingerprint)
:: C:\data\sys\batch\dummybrowser.exe test123
:: C:\data\sys\batch\dummybrowser.exe "https://abc.com/?a=1&b=2"
:: Verify both entries in: C:\data\sys\log\dummybrowser.log
:: type C:\data\sys\log\dummybrowser.log
:: Confirm registry entry for default browser options exists.
:: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DummyBrowserHTML\shell\open\command]
:: @="\"C:\\data\\sys\\batch\\dummybrowser.exe\" \"%1\""
:: Check that dummybrowser is set as the default browser
:: Win+I > Apps > Default apps > Web browser > Choose Dummy Browser

set LOGFILE=C:\data\sys\log\dummybrowser.log

REM Append new entry
echo [%date% %time%] Attempted launch: %* >> %LOGFILE%

REM Open log in gVim read-only and exit immediately
start "" "C:\app\editor\txt\vim\vim82\gvim.exe" -R "%LOGFILE%"

exit /b
--
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.msdos.batch

UPDATE

To test Freegate HTTP proxy against Psiphon free HTTP/SOCKS proxy, I've
been alternating them each day, where both run all day without complaint.

However, when I started testing Freegate HTTP proxy every other day with Psiphon HTTP/SOCKS proxy, I needed to update my start/stop/check scripts
to incorporate the different ports used as variables for the two proxies.

To that end, the checkproxy.bat script was updated to include both proxies.


@echo off
REM C:\data\sys\batch\checkproxy.bat 20250916
REM This is version 2.2
REM Custom unified Windows proxy diagnostic tool
REM v1.0 lists WinINET manual proxy, WinHTTP proxy, PAC/AutoDetect
REM v1.1 replaces echo. with echo( to avoid command misinterpretation
REM v1.2 adds PAC file existence check and SHA256 hash logging (114 lines)
REM v1.3 (152 lines) adds debugging (section 9)
REM v1.4 (161 lines) adds more debugging (section 10)
REM v1.5 (182 lines) adds more debugging (section 11)
REM v1.6 (204 lines) adds command reference (section 12)
REM v1.7 (205 lines) Added example.com which is reserved for demos/tests.
REM v1.8 (217 lines) Added check for freegate proxy in addition to psiphon
REM v1.9 (231 lines) Added output in final report to add freegate logging
REM v2.0 (271 lines) adds timestamped log (checkproxyYYYYMMDD_HHMMSS.log)
REM v2.1 (285 lines) parameterized HTTP port for freegate 8580 & psiphon 3736
REM v2.2 (299 lines) parameterized all the proxy ports throughout
REM Comment linelength limit ==================================================
REM 567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 12
:: Normally the pac file is served by a web server.
:: This script doesn't rely on Windows successfully fetching the PAC file
:: via HTTP. Instead, it Sets the registry key to point to the PAC URL
:: It assumes the PAC logic is known & trusted.
:: It uses proxy.cmd to apply proxy settings directly,
:: bypassing the need for Windows to interpret the PAC file
:: So even if http://127.0.0.1/proxy.pac isnot actually being served
:: by a web server, the system still behaves as if it is because the
:: tooling here enforces the logic manually.
:: This is the where Windows typically looks for the PAC script URL.
:: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
:: AutoConfigURL = http://127.0.0.1/proxy.pac
:: That tells Windows to fetch the PAC file from your own machine via HTTP
:: http://127.0.0.1/proxy.pac
:: C:\data\sys\batch\proxy.pac
:: curl http://127.0.0.1/proxy.pac
::
:: You could point to the actual pac file but that's less universal
:: AutoConfigURL = file:///C:/data/sys/batch/proxy.pac
::
:: C:\app\network\psiphon\psiphon3.exe -mode=socks
:: Win+I > Settings > Network & Internet > Proxy > Manual proxy setup = on
:: Automatic proxy setup
:: Automatically detect settings = on
:: Use setup script = on
:: Script address = http://127.0.0.1/proxy.pac
:: Manual proxy setup
:: Use a proxy server = on
:: Address http=127.0.0.1:3736;https=127.0.0.1:3736;socks=127.0.0.1:1080
:: Port = <blank>
:: Use the proxy server except for addresses that start with the following entries. Use semicolons (;) to separate entries.
:: 10.*;172.16.*;172.17.*;172.18.*;172.19.*;172.20.*;172.21.*;172.22.*;172.23.*;172.24.*;172.25.*;172.26.*;172.27.*;172.28.*;172.29.*;172.30.*;172.31.*;192.168.*;169.254.*;[fc*];[fd*];[fe8*];[fe9*];[fea*];[feb*]
:: [x]Don't use the proxy server for local (intranet) addresses
::
:: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
:: AutoConfigURL = http://127.0.0.1/proxy.pac
::
:: C:\data\sys\batch\proxy.pac
::
:: Final Result
:: WinINET: Enabled and pointing to Psiphon
:: WinHTTP: Synced to match WinINET
:: PAC: Registry keys set, logic assumed, Auto-Detect enabled
:: The system is now fully aligned across all proxy layers.
::
REM BELOW is the log wrapper (console output saved to a timestamped file) v2p0
set "LOGDIR=C:\data\sys\log"

if "%1"=="__LOGGING__" goto :run_script

for /f "tokens=1-4 delims=/ " %%a in ("%DATE%") do (
set DOW=%%a
set MM=%%b
set DD=%%c
set YYYY=%%d
)
for /f "tokens=1-3 delims=:." %%a in ("%TIME%") do (
set HH=%%a
set Min=%%b
set Sec=%%c
)
if "%HH:~0,1%"==" " set HH=0%HH:~1,1%

set LOGSTAMP=%YYYY%%MM%%DD%_%HH%%Min%%Sec%
set "LOGFILE=%LOGDIR%\checkproxy%LOGSTAMP%.log"
set "TMPTXT=%LOGDIR%\checkproxy%LOGSTAMP%.tmp"

if not exist "%LOGDIR%" md "%LOGDIR%" 2>nul

powershell -NoProfile -Command ^
" & { & cmd /c '\"%~f0\" __LOGGING__' 2>&1 | Tee-Object -FilePath '%TMPTXT%' }"

powershell -NoProfile -Command ^
" [System.IO.File]::WriteAllText('%LOGFILE%', (Get-Content -Raw -LiteralPath '%TMPTXT%'), (New-Object System.Text.UTF8Encoding($false))); Remove-Item -LiteralPath '%TMPTXT%' -ErrorAction SilentlyContinue"

echo(
echo Log created at %LOGFILE%
echo(
pause
exit /b

:run_script
REM ABOVE is the log wrapper (console output saved to a timestamped file) v2p0

set FREEGATE_HTTP_PORT=8580
set FREEGATE_HTTP_PORT_ALT=8581
set PSIPHON_HTTP_PORT=3736
set PSIPHON_SOCKS_PORT=1080

echo [%DATE% %TIME%] Starting proxy check...

setlocal

set KEY="HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
set PACFILE=C:\data\sys\batch\proxy.pac
REM v2.0 Replace the HTTP proxy port with a parameterized port
echo ==============================================
echo WINDOWS PROXY CONFIGURATION CHECK
echo ==============================================

REM --- PAC file existence check ---
if not exist "%PACFILE%" (
echo WARNING: PAC file not found at %PACFILE%
) else (
echo PAC file found at %PACFILE%
echo PAC file SHA256 hash:
certutil -hashfile "%PACFILE%" SHA256
)

REM --- WinINET (manual proxy) ---
echo(
echo [1] WinINET / Internet Settings
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyEnable 2^>nul') do set ProxyEnable=%%B
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyServer 2^>nul') do set ProxyServer=%%B
if "%ProxyEnable%"=="0x1" (
echo Proxy is ENABLED
echo Proxy server: %ProxyServer%
) else (
echo Proxy is DISABLED
)

REM --- WinHTTP proxy ---
echo(
echo [2] WinHTTP proxy (system/background services)
netsh winhttp show proxy

REM --- PAC (Proxy Auto-Config) & AutoDetect ---
echo(
echo [3] PAC / AutoDetect
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoConfigURL 2^>nul') do set PACurl=%%B
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoDetect 2^>nul') do set AutoDetect=%%B

if defined PACurl (
echo PAC script set: %PACurl%
) else (
echo No PAC script URL found.
)

if "%AutoDetect%"=="0x1" (
echo Auto-detect is ENABLED
) else (
echo Auto-detect is DISABLED
)


REM Added these debugging commands (v1p3)
echo(
echo [4] Psiphon and Mongoose process check
echo tasklist | findstr /i "psiphon3.exe mongoose.exe"
tasklist | findstr /i "psiphon3.exe mongoose.exe"

:: Added this insert to check for freegate proxy (v1p8)
echo(
echo [4b] Freegate process check
tasklist | findstr /i "fg790p.exe"

echo(
echo [5b] Freegate port binding check
REM netstat -ano | findstr :8580
netstat -ano | findstr :%FREEGATE_HTTP_PORT%
REM netstat -ano | findstr :8581
netstat -ano | findstr :%FREEGATE_HTTP_PORT_ALT%
:: END INSERT to check for freegate proxy (v1p8)

echo(
echo [5] Port binding check (Mongoose/Proxy)
echo netstat -ano | findstr :8080
netstat -ano | findstr :8080

echo(
echo [6] DNS resolution test
echo nslookup example.com
REM nslookup example.com
REM v2.1 suppressed stderr
nslookup example.com 2>nul

echo(
echo [7] Internet connectivity test
echo ping 8.8.8.8
ping 8.8.8.8

REM Using %PROXY_PORT% set to Freegate (8580) & then to Psiphon (3736)
echo(
echo [8] Proxy test via curl (Freegate and Psiphon)

REM --- Freegate test (8580) ---
REM set PROXY_PORT=8580
set PROXY_PORT=%FREEGATE_HTTP_PORT%
echo -- Freegate on port %PROXY_PORT% --
echo curl -x http://127.0.0.1:%PROXY_PORT% http://example.com --max-time 5
curl -x http://127.0.0.1:%PROXY_PORT% http://example.com --max-time 5

REM --- Psiphon test (3736) ---
REM set PROXY_PORT=3736
set PROXY_PORT=%PSIPHON_HTTP_PORT%
REM echo -- Psiphon on port %PROXY_PORT% --
echo curl -x http://127.0.0.1:%PROXY_PORT% http://example.com --max-time 5
curl -x http://127.0.0.1:%PROXY_PORT% http://example.com --max-time 5

echo(
echo [9] .NET proxy settings (PowerShell)
echo powershell -Command "[System.Net.WebRequest]::DefaultWebProxy"
powershell -Command "[System.Net.WebRequest]::DefaultWebProxy"

echo(
echo [10] Network adapter configuration
echo ipconfig /all
ipconfig /all

echo(
echo [11] Network interface and routing diagnostics

echo netsh interface show interface
netsh interface show interface

echo(
echo route print
route print

echo(
echo curl --verbose http://example.com
curl --verbose http://example.com

REM Optional deeper trace (creates trace.txt in current folder)
echo(
echo curl --trace trace.txt http://example.com
curl --trace trace.txt http://example.com


echo(
echo Summary:
echo Proxy Enabled: %ProxyEnable%
echo Proxy Server: %ProxyServer%
echo PAC URL: %PACurl%
echo AutoDetect: %AutoDetect%

echo(
echo ==============================================
echo Check complete.
echo ==============================================

echo(
echo [12] Command Reference (manual run options)
echo certutil -hashfile "C:\data\sys\batch\proxy.pac" SHA256
echo reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable
echo reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer
echo netsh winhttp show proxy
echo reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoConfigURL
echo reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoDetect
echo tasklist | findstr /i "psiphon3.exe mongoose.exe"
echo netstat -ano | findstr :8080
echo nslookup example.com
echo ping 8.8.8.8
REM echo curl -x http://127.0.0.1:3736 http://example.com --max-time 5
echo psiphon http port
echo curl -x http://127.0.0.1:%PSIPHON_HTTP_PORT% http://example.com --max-time 5
echo freegate http port
echo curl -x http://127.0.0.1:%FREEGATE_HTTP_PORT% http://example.com --max-time 5
echo powershell -Command "[System.Net.WebRequest]::DefaultWebProxy"
echo ipconfig /all
echo netsh interface show interface
echo route print
echo curl --verbose http://example.com
echo curl --trace trace.txt http://example.com
echo(
echo Freegate process check:
tasklist | findstr /i "fg790p.exe" || echo No Freegate process found.
echo(
echo Freegate port check:
REM netstat -ano | findstr :8580 || echo No listener on 8580
REM netstat -ano | findstr :8581 || echo No listener on 8581
netstat -ano | findstr :%FREEGATE_HTTP_PORT% || echo No listener on %FREEGATE_HTTP_PORT%
netstat -ano | findstr :%FREEGATE_HTTP_PORT_ALT% || echo No listener on %FREEGATE_HTTP_PORT_ALT%
REM Sometimes Freegate sets ProxyServer to 127.0.0.1:8590 in
REM Internet Options while actually listening on 8580 so check for that
echo(
echo ProxyServer registry value: %ProxyServer%
REM echo Expected Freegate listener: 127.0.0.1:8580
echo Expected Psiphon listener: 127.0.0.1:%PSIPHON_HTTP_PORT%
echo Expected Freegate listener: 127.0.0.1:%FREEGATE_HTTP_PORT%
endlocal
--
--- Synchronet 3.21a-Linux NewsLink 1.2